58900 matches found
Astra Linux - vulnerability in busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function...
Astra Linux - vulnerability in faad2
An issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. This allows an attacker to cause code execution...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: The reordering of clock handling and power management in the probe function. The initialization sequence in usbhs_probe needs to be reordered to enable Runtime Power Management (PM) before accessing registers. Thi...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: ftrace: Avoid potential division by zero in the function_stat_show function. Check whether the denominator expression x * (x - 1) * 1000 mod {2^32, 2^64} results in zero, and skip the calculation of stddev in such cases. For now, don’t wor...
Astra Linux - vulnerability in linux-5.10, linux
A denial-of-service (DoS) issue was detected in the smb2_ioctl_query_info function of the Linux kernel, within the fs/cifs/smb2ops.c Common Internet File System. This issue arises due to an incorrect return value from the memdup_user function. This flaw allows a local, privileged attacker with...
Astra Linux - vulnerability in sox
A floating-point exception (division by zero) issue was discovered in SoX within the read_samples function of the voc.c file. An attacker with a malicious file could cause the application to crash...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where the “vf” variable might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce...
Astra Linux - vulnerability in tiff
A null source pointer passed as an argument to the memcpy function within TIFFReadDirectory in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...
Astra Linux - vulnerability in fig2dev
Fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c...
Astra Linux - vulnerability in gst-plugins-base1.0
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr to find the character ‘’ in the string line. The pointer returned by this call ...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: BPF: crypto: Use the correct destructor kfunc type. With CONFIG_CFI enabled, the kernel strictly ensures that indirect function calls use a function pointer type that matches the target function. I encountered the following type...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a slab-out-of-bounds read in ea_get. During the “size_check” step in ea_get, the code checks whether the extended attribute list (xattr) size matches ea_size. If not, it logs “ea_get: invalid extended attribute” and calls...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000 – fixed a potential memory leak in wilc_mac_xmit. The wilc_mac_xmit function returns NETDEV_TX_OK without freeing the skb buffer; this issue was addressed by using dev_kfree_skb to free the buffer. This fix has been tested...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: qcom: Fix potential memory leak. The function dwc3_qcom_probe allocates memory for the resource structure pointed to by the parent_res pointer. This memory is not freed, leading to a memory leak. Using stack memory can preven...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Refactor the bind path to use __free. After a bind/unbind cycle, the ecm->notify_req remains stale. If a subsequent bind fails, the unified error handling mechanism attempts to free this stale request. This leads to...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable the function_graph tracer when setting the funcgraph-args option. When setting the funcgraph-args option, if the function_graph tracer is disabled, it incorrectly enables itself. Moreover, it unregisters itsel...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton to prevent conversion to 0-bit quantities. Testing conducted by the syzbot fuzzer revealed that the HID core encounters a shift-out-of-bounds exception when it attempts to convert a 32-bit quantity to a...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a bug in btf DeclTag when tagging a function. syzbot reported a bug in btf DeclTag with a stack trace as follows: - General protection fault, likely for the non-canonical address 0xdffffc0000000000: 0000 1 PREEMPT SMP...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers in timer_shutdown_sync has been fixed. There is a race condition between timer_shutdown_sync and timer expiration, which can lead to a WARN_ON being triggered in expire_timers...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: test_firmware: fixed a memory leak in test_firmware_init. When misc_register failed in test_firmware_init, the memory pointed to by test_fw_config->name was not released. The memory leak information is as follows: Unreferenced object...