73824 matches found
Astra Linux – Vulnerability in Zabbix
The cause of the vulnerability is improper validation of the “Name” field in the form input on the Graph page in the Items section...
Astra Linux – Vulnerability in linux-5.15
In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem 1, and it solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, t...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In tty: goldfish, use tty_port_destroy to destroy the port. In goldfish_tty_probe, the port initialized through tty_port_init should be destroyed in error paths. In goldfish_tty_remove, qtty->port also should be destroyed; otherwise,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: mctp: It now takes ownership of the skb in mctp_local_output. Currently, mctp_local_output only takes ownership of the skb on a successful outcome. In some cases where mctp_local_output fails, we might leak the skb. Ownership of t...
Astra Linux – Vulnerability in Golang-1.19
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
An issue was discovered in the Linux kernel through version 6.1-rc8. The function dpu_crtc_atomic_check in the file drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks a check for the return value of kzalloc. This issue may lead to a NULL Pointer Dereference...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.30.1, selectExpander in select.c continues with the WITH stack unwinding process even after a parsing error occurs...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: f_eem: Fixed a memory leak in eem_unwrap. The existing code did not handle the failure case of usb_ep_queue in the command path, potentially leading to memory leaks. Improved error handling to free all allocated...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fixed NULL dereferencing in error handling The following issue was reported: drivers/scsi/qedf/qedf_main.c:3056 qedf_alloc_global_queues Warn: Missing unwind goto? At this point in the function, nothing has been allocated...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ipv4: A reference count leak was fixed when using error routes with nexthop objects. When a nexthop object is deleted, it is marked as “dead”, and then fib_table_flush is called to flush all routes that use the dead nexthop. The...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc. In tpg_alloc, resources should be deallocated in every possible error-handling path, as they are allocated using for statements. Otherwise, memleaks could occur, since tpg_free is onl...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle memory deallocation properly. The malloc function allocates heap memory for data parsing, but does not deallocate that memory when there are errors in parsing. Sending specific requests to the dcmqrdb program leads to memory leaks. An attacker can use...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath11k: The affinity hint was cleared before calling ath11k_pcic_free_irq in the error path. If a shared IRQ is used by the driver due to platform limitations, then the IRQ affinity hint is set correctly after the allocation o...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 368 of libtiff/tif_unix.c. This vulnerability is invoked by lines 2903 and 6778 of tools/tiffcrop.c. This allows attackers to cause a denial-of-service attack through a crafted TIF file. For users who compile...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fixed the error handling for regmap init. The devm_regmap_init_mmio function now returns ERR_PTR upon an error, instead of NULL. The error check has also been fixed, and the error message has been corrected...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: regulator: raa215300 – Fixed resource leak in case of errors The clk_register_clkdev function allocates memory by calling vclkdev_alloc, and this memory is not freed in the error path. Similarly, resources allocated by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fixed NULL pointer access via aer_info. The kzalloc(GFP_KERNEL) function may return NULL, resulting in kernel panic when accessing aer_info->xxx. This issue has been fixed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Added missing error handling inside the get_canonical_dev_path function. Inside the get_canonical_dev_path function, we call d_path to obtain the final device path. However, d_path may return an error. In such cases, the next call...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in the axi_chan_handle_err function. Since there is no protection for vd, a kernel panic will be triggered in exceptional cases. You can refer to the processing of the...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in the ansible-connection module of Ansible Engine, where sensitive information such as Ansible user credentials is disclosed by default in the traceback error message. The greatest threat posed by this vulnerability is related to confidentiality...