Astra Linux - уязвимость в sqlite

In SQLite version 3.22.0, databases whose schemas are corrupted using the CREATE TABLE AS statement could lead to a NULL pointer dereferencing issue, related to build.c and prepare.c...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the drivers/mtd/ubi/vtbl.c file in the Linux kernel, up to version 6.7.4, it is possible for the code to attempt to allocate zero bytes, resulting in a crash due to a missing check for ubi-lebsize...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Suppressed a kernel complaint in qlacreateqpair 12.323788 BUG: Using smpprocessorid in preemptible 00000000 code: systemd-udevd/1020 12.332297 Caller is qla2xxxcreateqpair+0x32a/0x5d0 qla2xxx 12.338417 CPU: 7 PI...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: posix-timers: A potential memory leak was identified in dotimercreate. When creating a posix timer with allocation of a specific timer ID, if there are issues with accessing the value in the user space, the function terminates...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free after failing to create a snapshot. In ioctl.c’s createsnapshot function, we allocate a pending snapshot structure and then attach it to the transaction’s list of pending snapshots. After that, we ca...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: tipc: Moving the bc link creation back to tipcnodecreate. Shuang Li reported a NULL pointer dereference crash: BUG: NULL pointer dereference in the kernel, address: 0000000000000068 RIP: 0010:tipclinkisup+0x5/0x10 tipc Call...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: XArray: Fixed the issue with xascreaterange when a multi-index entry is present. If there is already an entry present that is of order = XACHUNKSHIFT when we call xascreaterange, xascreaterange will misinterpret that entry as a...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...

Astra Linux - уязвимость в postgresql-11

In the extension script, a SQL injection vulnerability was detected in PostgreSQL when the symbols @extowner@, @extschema@, or @extschema:...@ were used within quotation marks either dollar quotes, '', or other forms of quotation marks. If an administrator has installed files from a vulnerable,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: possible double-free of cctx-remoteheap The function fastrpcinitcreatestaticprocess may free the memory allocated to cctx-remoteheap during the errmap path, but does not clear the pointer pointing to that memory...

Astra Linux - уязвимость в mariadb-10.3

A issue in the Createtmptable::finalize component of MariaDB Server v10.7 and below was discovered. This issue allows attackers to cause a Denial of Service DoS attack through specially crafted SQL statements...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed memregion leaks in devmcxladdregion. The mode verification was moved to createregion before allocating the memregion, thereby avoiding memregion leaks...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtiovdpa: Building affinity masks conditionally We were trying to build the affinity mask using createaffinitymasks unconditionally, which could lead to several issues: - The affinity mask is not used for parent processes witho...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rbd: Avoid use-after-free in dorbdadd, when rbddevcreate fails. If obtaining an ID or setting up a work queue in rbddevcreate fails, a use-after-free occurs on rbddev-rbdclient, rbddev-spec, and rbddev-opts in dorbdadd. The root...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: coresight: syscfg: Fixed a memory leak that occurred during registration failures in cscfgcreatedevice. deviceregister calls deviceinitialize. According to the documentation for deviceinitialize: “Use putdevice to release the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: The reference to cephstring should be placed correctly after the asynccreate attempt. The reference obtained by tryprepasynccreate is currently being leaked. Make sure we place it correctly...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a memory leak in lpfccreateport. The commit 5e633302ace1 “scsi: lpfc: vmid: Added support for VMID in the mailbox command” introduced allocations for the VMID resources in lpfccreateport after the call to...