4226 matches found
Astra Linux - vulnerability in chromium
A heap buffer overflow in the Settings component of Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to interact with Dev Tools, potentially exploiting heap corruption through a crafted HTML page...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: msft: fixed a slab-use-after-free in msft_do_close. By tying the lifetime of msft->data to hdev by freeing it in hci_release_dev, the following issue was addressed: Use msft_do_close msft = hdev->msft_data; if !msft ...1...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: fixed a possible memory leak in btrfs_get_dev_args_from_path. In btrfs_get_dev_args_from_path, btrfs_get_bdev_and_sb may fail if the path is invalid. In such cases, btrfs_get_dev_args_from_path returns directly without freeing the args->uui...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bonding: The device was stopped in bond_setup_by_slave. The commit 9eed321cde22 "net: lapbether: only support Ethernet devices" was able to keep syzbot away from net/lapb until today. In the following issue 1, a lapbether device...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed a deadlock issue in AP/VLAN handling. Syzbot reports that when AP_VLAN interfaces are active, closing the AP interface they belong to can lead to a deadlock. This isn’t surprising, since we use dev_close to handle...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fixed a null-pointer dereference in fmt_single_name. Check the return value of devm_kstrdup to guard against a null-pointer dereference...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev. The responsible commit attempted to simplify the way memory allocations are performed, but this process resulted in a double-free on the mc_dev variable. If the MC device is a DPRC, a new mc_bu...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fixed the issue where the host would hang during device reboot. When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Do not attempt to replace the rwsem lock on a device that already holds it. By running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the use of the RAID stripe-tree, we obtain the following error from lockdep:...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fixed deadlock issues during suspend and resume operations. When an application sends a query IOCTL while auto suspend is in progress, a deadlock can occur. The query process first acquires dev_lock, then calls...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci_sock: Prevent race conditions in socket write iter and sock bind. There is a potential race condition between sock bind and socket write iter. bind may free the same memory location through mgmt_pending before th...
Astra Linux - vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, an attacker can trick runc into binding /dev/pts/$n to /dev/console. Normally, these paths are made read-onl...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fixed an out-of-bounds access in dispmix_csr_clk_dev_data. When num_parents is 4, the __clk_register function performs an out-of-bounds access when accessing the parent_names member. Use ARRAY_SIZE instead of hardcoding numbers...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed an IPv4 NULL pointer dereference in the route error path. The IPv4 code path in __ip_vs_get_out_rt calls dst_link_failure without ensuring that skb->dev is set. This leads to a NULL pointer dereferen...
Astra Linux - vulnerability in multipath-tools
Multipath-tools versions 0.7.7 through 0.9.x, prior to 0.9.2, allowed local users to obtain root access. This vulnerability was exploited in conjunction with CVE-2022-41974. Local users who had access to /dev/shm could modify symlinks within multipathd due to incorrect symlink handling. This coul...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero. The following problem was encountered during stability test: (NULL net_device): NAPI poll function process_backlog+0x0/0x530 returned 1, exceeding its budget of 0. ------------ cut here...
Astra Linux - vulnerability in runc-app
Runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, as well as 1.3.0-rc.1 through 1.3.1, and 1.4.0-rc.1 and 1.4.0-rc.2, runc did not perform sufficient verification to ensure that the source of the bind-mount i.e., the container’...
Astra Linux - vulnerability in chromium
A use-after-free in Dev Tools in Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mt6797-mt6351: Fixed the refcount leak in mt6797_mt6351_dev_probe. The of_parse_phandle function returns a node pointer with a refcount incremented. We should use of_node_put on it when there is no longer a need for it. Add th...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: rbd: Avoid use-after-free in do_rbd_add when rbd_dev_create fails. If obtaining an ID or setting up a work queue in rbd_dev_create fails, a use-after-free occurs on rbd_dev->rbd_client, rbd_dev->spec, and rbd_dev->opts in do_rbd_add. The root...