457395 matches found
Astra Linux – Vulnerability in Squid
Squid is a caching proxy for the Web. Prior to version 7.5, due to improper input validation, Squid was vulnerable to out-of-bound reads when handling ICP traffic. This issue allowed a remote attacker to access small amounts of memory that might contain sensitive information, by responding with...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: sched/rt: Fixed a race condition in the pushrttask function. Overview ======== When a CPU decides to call the pushrttask function and selects a task to be pushed onto another CPU’s runqueue, it will invoke the findlocklowestrq...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: esdusb: esdusbreadbulkcallback: fixed the URB memory leak. The memory leak was fixed in a similar manner to the issue in commit 7352e1d5932a “can: gsusb: gsusbreceivebulkcallback: fixed the URB memory leak”. In esdusbopen, t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a deadlock in waitcurrenttrans due to an ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transactio...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Net: Consume xmit errors of GSO frames. udpgrofrglist.sh and udpgrobench.sh are the most flaky tests currently in NIPA. They fail in exactly the same way. The TCP GRO test occasionally stalls, and the test terminates after 10...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dm: remove fake timeout to avoid leak request Since commit 15f73f5b3e59 "blk-mq: move failure injection out of blkmqcompleterequest", drivers are responsible for calling blkshouldfaketimeout at appropriate code paths and...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: usbnet: Fixed the issue involving the use of smpprocessorid in preemptible code. Syzbot reported the following warning: BUG: Using smpprocessorid in preemptible 00000000 code: dhcpcd/2879. Caller: usbnetskbreturn+0x74/0x490,...
Astra Linux – Vulnerability in Capstone
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and earlier, a unchecked return from vsnprintf in SStreamconcat allowed a malicious csoptmem.vsnprintf to manipulate SStream’s index beyond its limit, resulting in a stack buffer underflow/overflow when the next write operation occurre...
Astra Linux – Vulnerability in sdl-image1.2
SDLimage is a library for loading images of various formats as SDL surfaces. In the dolayersurface function in src/IMGxcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without being validated against the colormap size cmnum. A crafted .xcf file with a smal...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disabling MMIO access during SMU Mode 1 reset During Mode 1 reset, the ASIC undergoes a reset cycle and becomes temporarily inaccessible via PCIe. Any attempt to access MMIO registers during this period e.g., from...
Astra Linux – Vulnerability in Capstone
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and earlier, the length of Skipdata was not checked for bounds. As a result, a user-provided Skipdata callback could cause the csdisasm/csdisasmiter memcpy function to write more than 24 bytes into csinsn.bytes, leading to a heap buffe...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a reference count leak in bpfprogtestrunxdp syzbot reports: unregisternetdevice: Waiting for sit0 to become available. Usage count = 2. A debug printk patch revealed that a reference count is obtained at...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: prevents corruption of pcp with SMP=n. The kernel test robot has reported: BUG: Spinlock trylock failure on CPU0, kcompactd0/28. Lock: 0xffff888807e35ef0, .magic: dead4ead, .owner: kcompactd0/28, .ownercpu: 0. CPU: ...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Media: imon: Make sendpacket more robust syzbot reports that imon has three problems that result in hung tasks due to continuously holding the device lock 1. The first problem is that when usbrxcallbackintf0 encounters an...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ext4: Refresh the inline data size before write operations The cached ei-iInlineSize can become stale between the initial size check and when ext4updateInlineData/ext4createInlineData use it. Although ext4getmaxInlineSize reads t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential UAF and double-free errors in smb2openfile Set @erriov and @errbuftype to zero before retrying SMB2open, to prevent UAF bugs if @data != NULL; otherwise, a double-free error will occur...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in the emulation of VMLOAD/VMSAVE. The commit cc3ed80ae69f states that “KVM: nSVM: always use vmcb01 for vmsave/vmload of guest state”. This commit ensured that KVM always used vmcb01 for the fields...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking The catcprobe function fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors. This occurs as follows: - usbsndbulkpipeusbdev, 1 and...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: The function mostregisterinterface did not properly release resources if it failed early before registering the device. In such cases, it returned an error code immediately, causing the memory allocated for the interface to be...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: HID: hid-pl: handle probe errors Errors in the init process must be reported back; otherwise, we will follow a NULL pointer the first time FF is used...