58921 matches found
Astra Linux - уязвимость в node-brace-expansion
A vulnerability was discovered in the juliangruber brace-expansion library up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regular...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an issue where the index out of bounds occurred in the DCN30 degamma hardware format translation. This commit addresses a potential index out of bounds issue in the cm3helpertranslatecurvetodegammahwformat...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: Single issue: fixed the potential NULL dereference in pcsgetfunction. The pinmuxgenericgetfunction function may return NULL, and the pointer “function” was dereferenced without checking against NULL. Added checking of th...
Astra Linux - уязвимость в zziplib
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service through the zzipFetchDiskTrailer function located in the /zzip/zip.c file...
Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Added handling of aborts in tmrlist that are processed by target core. An abort that is responded to by iSCSI itself is added to tmrlist, but it does not proceed to target core. A LUNRESET that goes through...
Astra Linux - уязвимость в edk2
EDK2 is vulnerable to a vulnerability in the CreateHob function, which allows a user to trigger an integer overflow that leads to a buffer overflow through a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch. At the same time, ffsepfilerelease is called from the user space. ffsepfilerelease...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed GPF in diFree Avoid passing an inode with JFSSBIinode-isb-ipimap == NULL to diFree1. GFP will be returned: struct inode ipimap = JFSSBIip-isb-ipimap; struct inomap imap = JFSIPipimap-iimap; JFSIP will return an...
Astra Linux - уязвимость в binutils
A vulnerability has been identified in GNU Binutils 2.45. The affected component is the vfinfo function in the file ldmisc.c. Executing certain manipulations may lead to out-of-bounds read vulnerabilities. This attack can only be executed locally. The exploit has been made available to the public...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a slab-out-of-bounds read in eaget During the “sizecheck” step in eaget, the code checks whether the extended attribute list xattr size matches easize. If not, it logs “eaget: invalid extended attribute” and calls...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3 – Fixed a kernel crash that occurred when devlink reloaded during pf initialization. The devlink reloading process will access hardware resources, but the register operations are performed before the hardware is...
Astra Linux - уязвимость в zabbix
An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed the issue of freeing uninitialized misc IRQ vectors. When the VSI setup failed in i40eprobe, as part of the PF switch setup, the driver tried to free misc IRQ vectors in i40eclearinterruptscheme, resulting in a kernel...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup of partially initialized sync objects occurs during parse failures. The function xesyncentryparse can allocate references such as syncobjs, fences, chain fences, or user fences before encountering subsequent...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: qed/qedsriov: protection against NULL references from qediovgetvfinfo We must ensure that the information returned by the helper function is valid before using it. This issue was identified by the Linux Verification Center...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ocxl: Fix for the PCI device refcount leak when calling getfunction0. getfunction0 calls pcigetdomainbusandslot. As commented, it returns a PCI device with a refcount increment. Therefore, after using this device, pcidevput must ...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: fixed a memory leak in parseapplysbmountoptions If processing the disk-mounted options fails after any memory has been allocated in the ext4FS context, such as for sqfnames, then this memory is leaked. This issue can be fix...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosecishtp: Fixed a UAF issue after unbinding the driver. After unbinding the driver, another kthread named crosecconsolelogwork still accesses the device, leading to a UAF and system crash. The driver does not...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Prevent “decltag” from being referenced in “funcproto” arguments. Syzkaller managed to encounter another issue with “decltag”: btffuncprotocheck kernel/bpf/btf.c:4506 inline btfcheckalltypes kernel/bpf/btf.c:4734 inline...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: OPP: Added an index check to ensure no buffer overflow occurs in readfreq. The freq index is passed to the assert function to ensure that we do not read values from the opp-rates table when called from the indexed variants:...