13718 matches found
Astra Linux - уязвимость в python-django
A issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. This issue arises due to the use of the Django Template Language’s variable resolution logic. The dictsort template filter is potentially vulnerable to information disclosure, or an unintended method call...
Astra Linux - уязвимость в samba
A flaw was discovered in the way Samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it, an attacker could replace the later fragments with their own data, thereby bypassing the signature requirements...
Astra Linux - уязвимость в samba
A flaw was discovered in Samba’s DNS server. A authenticated user could exploit this flaw to cause damage to the RPC server. This RPC server, which also supports protocols other than dnsserver, will be restarted after a short delay. However, it is easy for an authenticated, non-administrative...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Flushing delayed SKBs while releasing RXE resources When SKB packets are sent out, they still depend on rxe resources, such as QP and sk. If these resources are released when the SKB packets are destroyed, call traces m...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Avoid NULL pointer dereferencing in debug calls. The cifsserverdbg function assumes that the server variable is non-NULL; therefore, move the call under conditions that prevent NULL pointer dereferencing. Identified by t...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the calltrace warning in psphwfini. The call trace occurs when the amdgpu is removed after a mode1 reset. During a mode1 reset, from suspend to resume, there is no need to reinitialize the ta firmware buffer,...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: acct: performs the last write operation from the workqueue. In 1, it was reported that the acct2 system call can be used to trigger a NULL derefrence in cases where it is set to write to a file that triggers an internal lookup...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Bonding: Fix for missing rcu protection. When removing the rcureadlock from bondethtoolgettsinfo, I didn’t realize that it could also be called via setsockopt, which does not hold a rcu lock. As pointed out by syzbot: Stack trace...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a race condition in the RPC handle list access. The sess-rpchandlelist XArray manages RPC handles within a ksmbd session. Access to this list is intended to be protected by sess-rpclock a rwsemaphore. However, the...
Astra Linux - уязвимость в exuberant-ctags
A flaw was discovered in Exuberant Ctags regarding its handling of the "-o" option. This option specifies the tag filename. A specially crafted tag filename, specified either in the command line or in the configuration file, can lead to arbitrary command execution. This occurs because the...
Astra Linux - уязвимость в linux-5.10
A out-of-bounds memory read flaw was discovered in the Linux kernel’s BPF subsystem, related to how a user calls the bpftailcall function with a key that is larger than the maxentries of the map. This flaw allows a local user to gain unauthorized access to data...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfs: Handling of the error from rpcprocregister in nfsnetinit. A warning 0 was triggered while destroying immature netnames. rpcprocregister was called in initnfsfs, but its error has been ignored since at least the initial commi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf/core: The handling of buffer mapping fails correctly in perfmmap. After a buffer is successfully allocated or an existing buffer is successfully attached, perfmmap attempts to map the buffer into the page table in read-only...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: The dealloc repeatcallcontrol function may fail if damoncall fails. damoncall for managing repeatcallcontrol of DAMONSYSFS may fail if the kdamond function is stopped before the damoncall is invoked. This can...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: tegra: fix sleep in atomic call When we set the dual-role port to Host mode, we observed the following issues: - Splat: 167.057718 BUG: Sleeping function called from invalid context at include/linux/sched/mm.h:229...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: vhostvdpa: The irqbypassunregisterProducer token must be assigned correctly. Previously, we called irqbypassunregisterProducer within vhostvdpasetupvqirq. This was problematic because we had no way of knowing whether the token...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: afs: Fixed dynamic root getattr The recent patch to modify afagetattr to consult the server did not take into account the pseudo-inodes used by the dynamic root-type afa superblock. As a result, there was an oops when such a...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed an infinite recursive call of clippush. syzbot reported this issue below. 0 This issue occurs when we call ioctlATMARPMKIP more than once. During the first call, clipmkip sets clippush to vcc-push; during the...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svctcplistendataready After the listener svcsock is freed, and before invoking svctcpaccept for the established child sock, there is a window that the newsock retaining a freed listener svcsock in skuserdata...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: tpm: Added !tpmamdisrngdefective to the hwrngunregister call site The following crash was reported: 1950.279393 listdel corruption, ffff99560d485790-next is NULL 1950.279400 ------------ cut here ------------ 1950.279401 Kerne...