13527 matches found
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, a previously existing admin queue may still exist. Properly release this queue before allocating a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: catch commit test ctx alloc failure Patch series "mm/damon/sysfs: fix commit test damonctx deallocation". DAMON sysfs interface dynamically allocates and uses a damonctx object for testing if given inputs for onli...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: The NFSINOLAYOUTCOMMIT field was cleared in pnfsmarklayoutstateidInvalidial. This fix prevents a crash occurring when the layout is null during this call stack: write inode - nfs4write inode - pnfslayoutcommit inode...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. The nftverdictinit function allows positive values as drop errors within the hook verdict, and thus the nfhookslow function can cause a double-free vulnerabili...
Astra Linux - уязвимость в tiff
The "Divide By Zero" error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile libtiff from source code, the fix is available in the commit f3a5e010...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemcpy in libtiff/tifunix.c:346, when called from extractImageSection, located at tools/tiffcrop.c:6826. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIFF file. For users who compile...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in TIFFmemcpy in libtiff/tifunix.c:346, when called from extractImageSection, located at tools/tiffcrop.c:6860. This vulnerability allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds read in tiffcp, located at line 948 of tools/tiffcp.c. This vulnerability allows attackers to cause a denial-of-service attack through a specially crafted TIFF file. For users who compile LibTIFF from source code, the fix is available in the commit with the...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds read in tiffcrop at line 3400 of tools/tiffcrop.c, allowing attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile LibTIFF from source code, the fix is available in the commit afaabc3e...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in tiffcrop, located at line 3701 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious tiff file. For users who compile LibTIFF from source code, the fix is available in the comm...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
There is a speculative pointer dereferencing issue in the Linux kernel, specifically with the doprlimit function. The value of the resource argument is controlled and is used in pointer arithmetic for the ‘rlim’ variable. This can lead to the leakage of its contents. We recommend upgrading to a...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. The function nftpipapowalk does not skip inactive elements during the set walk, which can result in double deactivation of PIPAPO Pile Packet Policies elements...
Astra Linux - уязвимость в linux-5.10, linux-5.15
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it does not check whether the chain is bound, and the owner rule of the chain may also release objects under...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free vulnerability exists in the Linux kernel’s net/sched:clsu32 component, which can be exploited to achieve local privilege escalation. When the u32change function is called on an existing filter, the entire tcfresult struct is always copied into the new instance of the filter. This...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ubifs: Authentication: Fixed a use-after-free in ubifstncendcommit. After an insertion in TNC, the tree may split, causing a node to change its znode-parent. Further deletions of other nodes in the tree which could also free thos...
Astra Linux - уязвимость в linux
The bpf verifier in the Linux kernel failed to properly handle truncation of the mod32 destination register when the source register was known to be 0. A local attacker who had the ability to load bpf programs could exploit this vulnerability by performing out-of-bounds reads in kernel memory,...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: s390/idle: Marking archcpuidle as having no instructions. The linux-next commit “cpuidle: tracing: Warning about !rcuiswatching” adds a new warning that affects the archcpuidle function on the s390 architecture. WARNING: For CPU:...
Astra Linux - уязвимость в linux-6.1
A use-after-free vulnerability in the Linux kernel’s fs/smb/client component can be exploited to achieve local privilege escalation. In the event of an error in smb3fscontextParseparam, the ctx-password variable is freed, but the variable is not set to NULL, which could lead to a double-free. We...
Astra Linux - уязвимость в tiff
LibTIFF 4.4.0 contains an out-of-bounds read vulnerability in the writeSingleSection function located at line 7345 in the tools/tiffcrop.c file. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIFF file. For users who compile LibTIFF from source code, t...