Astra Linux - уязвимость в libsdl2

A potential memory leak issue was discovered in the SDL2 library, specifically in the GLESCreateTexture function within the SDLrendergles.c file. This vulnerability allows an attacker to carry out a denial-of-service attack. The vulnerability affects SDL2 version 2.0.4 and later versions. SDL-1.x...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: hsr: Prevention of use after freeing in prpcreatetaggedframe. The prpfillrct function may fail. In that case, it frees the skb and returns NULL. On the successful path, however, it returns the original skb. Therefore, it is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hcisync: fixed a stack buffer overflow in hcilebigcreatesync. The hcilebigcreatesync function uses DEFINEFLEX to allocate a struct hcicplebigcreatesync on the stack, with 0x11 17 slots available. However, conn-numbi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mlx5: Default values have been fixed in the create CQ process. Currently, CQs without a completion function are assigned the mlx5addcqtotasklet function by default. This is problematic because only user CQs created through the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fixed a memory leak when thresholdcreatebank fails. In mcethresholdcreatedevice, if thresholdcreatebank fails, the previously allocated thresholdbanks array @bp will be leaked, because the call to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Prevent a NULL dereference in rtnlcreatelink. When rtnlcreatelink is running, dev-netdevops is NULL. We must not use netdevlockops, as it may lead to a NULL dereference if CONFIGNETSHAPER is defined. Instead, use...

Astra Linux - уязвимость в sqlite

In SQLite version 3.22.0, databases whose schemas are corrupted using the CREATE TABLE AS statement could lead to a NULL pointer dereferencing issue, related to build.c and prepare.c...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Suppressed a kernel complaint in qlacreateqpair 12.323788 BUG: Using smpprocessorid in preemptible 00000000 code: systemd-udevd/1020 12.332297 Caller is qla2xxxcreateqpair+0x32a/0x5d0 qla2xxx 12.338417 CPU: 7 PI...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: posix-timers: A potential memory leak was identified in dotimercreate. When creating a posix timer with allocation of a specific timer ID, if there are issues with accessing the value in the user space, the function terminates...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbdsessionrpcclose is called on the error path in the createsmb2pipe function. When the ksmbdiovpinrsp function fails, we should call ksmbdsessionrpcclose...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the drivers/mtd/ubi/vtbl.c file in the Linux kernel, up to version 6.7.4, it is possible for the code to attempt to allocate zero bytes, resulting in a crash due to a missing check for ubi-lebsize...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...

Astra Linux - уязвимость в postgresql-11

In the extension script, a SQL injection vulnerability was detected in PostgreSQL when the symbols @extowner@, @extschema@, or @extschema:...@ were used within quotation marks either dollar quotes, '', or other forms of quotation marks. If an administrator has installed files from a vulnerable,...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed memregion leaks in devmcxladdregion. The mode verification was moved to createregion before allocating the memregion, thereby avoiding memregion leaks...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: virtiovdpa: Building affinity masks conditionally We were trying to build the affinity mask using createaffinitymasks unconditionally, which could lead to several issues: - The affinity mask is not used for parent processes witho...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ceph: The reference to cephstring should be placed correctly after the asynccreate attempt. The reference obtained by tryprepasynccreate is currently being leaked. Make sure we place it correctly...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: lpfc: Fixed a memory leak in lpfccreateport. The commit 5e633302ace1 “scsi: lpfc: vmid: Added support for VMID in the mailbox command” introduced allocations for the VMID resources in lpfccreateport after the call to...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: rbd: Avoid use-after-free in dorbdadd, when rbddevcreate fails. If obtaining an ID or setting up a work queue in rbddevcreate fails, a use-after-free occurs on rbddev-rbdclient, rbddev-spec, and rbddev-opts in dorbdadd. The root...