22783 matches found
Astra Linux – Vulnerability in Linux 5.15
A memory leak flaw was discovered in nftsetcatchallflush in net/netfilter/nftablesapi.c within the Linux Kernel. This issue may allow a local attacker to cause double-deactivation of catchall elements, which can lead to a memory leak...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A use-after-free vulnerability in the Linux kernel’s afunix component can be exploited to achieve local privilege escalation. The unixstreamsendpage function attempts to add data to the last skb in the peer’s recv queue without locking the queue. This creates a race condition where...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A use-after-free vulnerability exists in the Linux kernel’s net/sched: schhfsc HFSC qdisc traffic control component, which can be exploited to achieve local privilege escalation. If a class with a link-sharing curve i.e., with the HFSCFSC flag set has a parent without a link-sharing curve, then...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes – Fix for buffer overreading in CTR mode When processing the last block, the s390 CTR code will always read a whole block, even if there is no data left in that block. This issue is fixed by using the actual...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added missing error checks to ctlget The ctlget functions that call scarlett2update did not check the return value. This issue has been fixed by adding error checks and passing the return value to the caller...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fixed NULL dereference bugs with drmdbg calls When the i915 perf interface is not available, dereferencing it will result in NULL references. Returning -ENOTSUPP is quite clear; a return value should be returned when t...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Validates the session ID and tree ID in a compound request. This patch validates the session ID and tree ID within a compound request. If the first operation in the compound is an SMB2 ECHO request, ksmbd bypasses the...
Astra Linux – Vulnerability in Linux 5.15
A out-of-bounds memory read flaw was discovered in the parseleasestate function within the KSMBD implementation of the in-kernel Samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command along with a malformed payload to KSMBD, due to a lack of checks on the NameOffset...
Astra Linux – Vulnerability in ffmpeg, ffmpeg5
The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through a floating-point exception error at libavfilter/vfminterpolate.c:1078:60 in interpolate...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host – Fixed the dereference issue in the DDMA completion flow. The dereference issue in the DDMA completion flow has been addressed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: selinux: fixed a memory leak in the securityreadstatekernel function. In this function, it directly returns the result of securityreadpolicy without freeing the allocated memory in data, which could lead to a memory leak...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mtd: maps: The refcount leak in offlashprobeversatile has been fixed. The function offindmatchingnodeandmatch returns a node pointer with a refcount incremented. We should use ofnodeput on this pointer when it is no longer needed...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: iio: light: isl29028: Fixed the warning in isl29028remove The driver uses a non-managed form of the register function in isl29028remove. To maintain the release order that mirrors the ordering in probe, the driver should also use...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: amlogic: Fixed a refcount leak in meson-secure-pwrc.c. In mesonsecurepwrcprobe, there is a refcount leak in one fail path...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ubifs: The function to set the “uptodate” flag of a page should be called at the correct location. Read operations from the page cache are lock-free. Therefore, setting the newly allocated “uptodate” flag before overwriting the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Watchdog: sp5100tco – A memory leak in the EFCH MMIO resource has been fixed. Unlike releasememregion, a call to releaseresource does not free the resource automatically; therefore, it must be freed explicitly to avoid a memor...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Optimized the process of clearing pending PMI values and removed the WARNON for the PMI check in powerpmudisable. The commit 2c9ac51b850d “powerpc/perf: Fix PMU callbacks to clear pending PMI values before resetting...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a NULL pointer dereferencing issue in smb2getinfofilesystem. If share is provided, share-path will be NULL, which can lead to a NULL pointer dereferencing issue...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Binder: Fixed the issue where dereferencing the null-ptr variable occurred unexpectedly. Syzbot reported several issues introduced by commit 44e602b4e52f „binderalloc: added missing mmaplock calls when using VMA”. In these...
Astra Linux – Vulnerability in Python-Django
A issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The urlize and urlizetrunc template filters are vulnerable to a denial-of-service attack due to very large inputs containing a specific sequence of characters...