58908 matches found
Astra Linux - уязвимость в faad2
A issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function ltprediction located in ltpredict.c. This allows an attacker to cause code execution...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86: stopped the use of stack-based calculations in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fixed overflows in the compensate functions There are cases in the compensate functions of the driver where overflows of variables may occur due to bit shifting operations. These issues were initially...
Astra Linux - уязвимость в sox
A vulnerability was discovered in SoX, where a heap buffer overflow occurs in the startread function in the hcom.c file. This vulnerability can be exploited by using a specially crafted hcomn file, which may cause the application to crash...
Astra Linux - уязвимость в etcd
An authentication vulnerability has been discovered in Etcd-io v.3.4.10. This vulnerability allows remote attackers to escalate privileges through the debug function...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Skip invalid kfunc call in backtrackinsn The verifier skips invalid kfunc calls in checkkfunccall. Such calls would be caught by fixupkfunccall if they are not eliminated through dead code elimination. However, this can lead...
Astra Linux - уязвимость в xorg-server
A heap buffer overflow flaw was discovered in the DisableDevice function of the X.Org server. This issue may cause an application to crash, or in some cases, lead to remote code execution in SSH X11 forwarding environments...
Astra Linux - уязвимость в zlib, libz-mingw-w64
Zlib versions up to 1.2.12 have a heap-based buffer over-read or buffer overflow issue in the inflate function within inflate.c, due to a large gzip header extra field. NOTE: Only applications that call inflateGetHeader are affected. Some common applications bundle the affected Zlib source code,...
Astra Linux - уязвимость в hdf5
A issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5ACunpinentry, located in H5AC.c. This allows an attacker to cause a Denial of Service attack...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: NFS: Fixed the filehandle bounds checking in nfsfhtodentry. The function needs to check the minimum filehandle length before it can access the embedded filehandle...
Astra Linux - уязвимость в ffmpeg
An integer overflow vulnerability exists in the avtimecodemakestring function in libavutil/timecode.c within FFmpeg version 4.3.2. This vulnerability allows local attackers to cause a Denial-of-Service DoS attack through a crafted .mov file...
Astra Linux - уязвимость в avahi
A vulnerability was discovered in Avahi. There exists a potentially exploitable assertion in the avahiescapelabel function...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnllock that causes deadlock The commit 6faee3d4ee8b "igb: Add lock to avoid data race" adds rtnllock to eliminate a false data race shown below FREE from device detaching | USE from netdev core igbremove |...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue of freeing uninitialized misc IRQ vectors. When the VSI setup failed in i40eprobe, as part of the PF switch setup, the driver tried to free misc IRQ vectors in i40eclearinterruptscheme, resulting in a kernel...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: protection against NULL references from qediovgetvfinfo We must ensure that the information returned by the helper function is valid before using it. This issue was identified by the Linux Verification Center...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ocxl: Fix for the PCI device refcount leak when calling getfunction0. getfunction0 calls pcigetdomainbusandslot. As commented, it returns a PCI device with a refcount increment. Therefore, after using this device, pcidevput must ...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, leading to a UAF and system crash. The driver does not...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Issue: unittest – Fix null pointer dereferencing in ofunittestfindnodebyname Description: When kmalloc fails to allocate memory in kasprintf, name or fullname will be NULL, and strcmp will cause a null pointer dereference...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/error value; ...