73452 matches found
Astra Linux - уязвимость в zabbix
The cause of the vulnerability is improper validation of the “Name” field in the form input on the Graph page in the Items section...
Astra Linux - уязвимость в libstb
stbimage is a single-file library licensed under MIT that is used for processing images. If stbiloadgifmain in stbiloadgiffrommemory fails, it returns a null pointer, and the z variable may remain uninitialized. If the caller also sets the vertical flipping flag, the process continues by calling...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: ipmisi: fixed a memory leak in trysmiinit Kmemleak reported the following information regarding the memory leak in trysmiinit: Unreferenced object 0xffff00018ecf9400 size 1024: Command "modprobe", PID 2707763, jiffies 43008514...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: The platformgetirqbyname function returns an integer. If an error occurs, platformgetirqbyname will return a negative value. Therefore, this value should be checked instead of being passed directly into...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: Cleanup in all error paths when enabling SR-IOV After commit 50f303496d92 “igb: Enabling SR-IOV after reinit”, removing the igb module could cause a hang or crash depending on the machine when the module was loaded with t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: EDAC/mc: Fixed the error path ordering in edacmcalloc. When the mci-pvtinfo allocation in edacmcalloc fails, the error path will call putdevice, which will ultimately call the device’s release function. However, the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: mlxsw: Thermal: Fix for out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: bash cat /sys/class/thermal/thermalzone2/cdev0/type mlxswfan cat...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fixed a NULL pointer derefrence issue in bnxtptpenable during error cleanup. When bnxtinitone fails during initialization e.g., bnxtinitintmode returns -ENODEV, the error handling code calls bnxtfreehwrmresources, which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: only publishes modedata after clone setup The iptfsclonestate function stores x-modedata before allocating the reorder window. If this allocation fails, the cloned state is freed, and -ENOMEM is returned, leaving...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: power:supply:max77705: Fixed the error handling in the probe function related to the workqueue. The createsinglethreadworkqueue function no longer returns error pointers; instead, it returns NULL. Additionally, the workqueue was...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: A memory leak has been fixed in mlx5efsttredirectanycreate. The memory pointed to by the fs-any pointer is not freed during the error-prone execution of mlx5efsttredirectanycreate, which can lead to a memory leak. This...
Astra Linux - уязвимость в ansible
A flaw was discovered in the ansible-connection module of Ansible Engine, where sensitive information such as Ansible user credentials is disclosed by default in the traceback error message. The greatest threat posed by this vulnerability is related to confidentiality...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: cxl: fixed a possible null-ptr-deref in cxlguestinitafu|adapter. If deviceregister fails in cxlregisterafu|adapter, the device is not added. In this case, deviceunregister cannot be called in the error path. Otherwise, a...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net.manap: Null servicewq on setup error to prevent double destruction. In the managdsetup error path, set gc-servicewq to NULL after destroyworkqueue, to match the cleanup in managdcleanup. This prevents a use-after-free if the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/erdma: Fixed a reference count leak in erdmammap. The function rdmausermmapentryget takes a reference; we should release that reference when it is no longer needed. Add the missing rdmausermmapEntryPut function in the err...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fixed the NFSv4.2 kernel bug at mm/usercopy.c:102. A call to listxattr with a buffer size of 0 returns the actual size of the buffer required for a subsequent call. When size 0, nfs4listxattr does not return an error...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: macvlan: Enforces a consistent minimal MTU. The macvlan mechanism should enforce a minimal MTU of 68, even during link creation. This patch avoids the current behavior, which could lead to crashes in the IPv6 stack if the link is...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ipmi: ssif: Initialize ssifinfo-client early. During the probe for ssifinfo-client, it is dereferenced incorrectly. However, this value is set after some error checking has already been performed. This causes a kernel crash if an...
Astra Linux - уязвимость в apache2
Apache HTTP Server 2.4.52 and earlier fail to close inbound connections when errors occur during the discarding of the request body, exposing the server to HTTP Request Smuggling attacks...