8149 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Nullifies the cq-dbg pointer in mlx5debugcqRemove Before this patch, if mlx5CoreDestroyCq failed, the destruction operations continued. However, mlx5CoreDestroyCq could be called again by the user, causing additional...
Astra Linux - уязвимость в ansible
In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, and ansible-engine 2.6.19 were logging at the DEBUG level. This led to the disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...
Astra Linux - уязвимость в cups
OpenPrinting CUPS is an open-source printing system. In versions 2.4.2 and earlier, a heap buffer overflow vulnerability existed, which allowed a remote attacker to launch a Denial-of-Service DoS attack. This vulnerability was present in the formatlogline function. Exploitation of this...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoided calling WARN when unbinding an event channel. When unbinding a user event channel, the related handler might be called a last time, especially if the kernel was built with CONFIGDEBUGSHIRQ. This could result i...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crashdump: Do not log the bytes of the dm-crypt key in readkeyfromuserkeying. When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload, thereby partially exposing the dm-crypt key. Stop loggi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Fixed an issue where the peerid of 0 was not found when the connection was disconnected. There is a failure log for this issue, located at ath11kdprxprocessmonstatus. When debugmask is not set to ATH11KDBGDATA, no l...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: armscmi: Account for failed debug initialization. When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. This fault condition should be...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A flaw was discovered in KVM. When calling the KVMGETDEBUGREGS ioctl on 32-bit systems, there might be uninitialized portions of the kvm Debugregs structure that could be copied into user space, resulting in an information leak...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: add a schedule point in ioaddbuffers Looping 65535 times doing kmalloc calls can trigger soft lockups, especially with DEBUG features like KASAN. 253.536212 watchdog: BUG: soft lockup - CPU64 stuck for 26s!...
Astra Linux - уязвимость в python-django
In Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2, the % debug % template tag does not encode the current context properly. This may lead to Cross-Site Scripting XSS attacks...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue in kmemleak in orangefspreparedebugfshelpstring has been fixed. When inserting or removing the orangefs module, the debughelpstring variable may be leaked: - Unreferenced object: 0xffff8881652ba000 size 4096 -...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: sched/debug: The issue of dentry leaks during the updatescheddomaindebugfs function has been fixed. Kuyo reports that the pattern of using debugfsremovedebugfslookup causes a dentry leak. With a hotplug stress test, the machine...
Astra Linux - уязвимость в binutils
Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the displaydebugsection function in the readelf.c file...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Avoid use-after-free in ext4extshowleaf In ext4findextent, the path may be freed by an error or reallocated. Therefore, using a previously saved ppath may have already been freed, thereby potentially causing a use-after-fre...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: jfs: xattr: fixed buffer overflow for invalid xattr values. When the xattr size is not as expected, it is printed out to the kernel log in hexadecimal format as a form of debugging. However, when that xattr size is larger than...
Astra Linux - уязвимость в linux-6.1, linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed a use-after-free bug in cifsdebugdataprocshow Skipped SMB sessions that are being terminated e.g., @ses-sesstatus == SESEXITING in cifsdebugdataProcShow to avoid use-after-free in @ses. This fixes the...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: time/debug: A memory leak was fixed by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise a memory leak will occur over time. To simplify things, simply call debugfslookupandremove,...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: dbg-tlv: Ensure NUL termination The iwlfwiunidebuginfotlv is used as a string; therefore, we must ensure that the string is terminated correctly before using it...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Fixed NULL access in the assignchannelcontexthandler function. Currently, when the ath12kmacassignviftovdev function fails, the radio handle is accessed from the link VIF handle arvif for debugging purposes. Thi...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Set the correct AMDGPU sg segment limitation. The driver needs to set the correct maxsegmentsize; otherwise, debugdmamapsg will complain about the over-mapping of the AMDGPU sg length as follows: WARNING: CPU: 6 PID:...