Astra Linux - уязвимость в underscore

The package underscore from 1.13.0-0 and before 1.13.0-2, as well as from 1.3.2 and before 1.12.1, are vulnerable to Arbitrary Code Injection via the template function, especially when a variable property is passed as an argument without proper sanitization...

Astra Linux - уязвимость в qemu

A reentrancy issue was discovered in the NVM Express Controller NVME emulation in QEMU. This CVE is similar to CVE-2021-3750. Just like in that case, when the reentrancy trigger the reset function nvmectrlreset, data structures will be freed, leading to a use-after-free vulnerability. A malicious...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: i40e: Fixed NULL pointer dereferencing in i40edbgdumpdesc. When attempting to dump VFs using debugfs, a crash occurred due to NULL pointer dereferencing in i40edbgdumpdesc. A check was added to i40edbgdumpdesc to ensure that the...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to read out-of-bounds data or cause the server to crash, resulting in a denial of service attack. This vulnerability exists in all...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed a race condition between disabling DIM and netdim There’s a race condition between disabling DIM and NAPI callbacks that use the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and finds it still se...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: stratix10-svc: Fixed a potential resource leak in svccreatememorypool. The svccreatememorypool function is only called from stratix10svcdrvprobe. Most of the resources within the probe are managed, but this memremap...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: can:bcm:bcmtxsetup: fixed the KMSAN uninit-value issue in vfswrite. Syzkaller reported the following issues: ===================================================== BUG: KMSAN: uninit-value in aiorwdone, file fs/aio.c:1520 inlin...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: ice: Check the VF VSI Pointer Value in icevcaddfdirfltr. As mentioned in the commit baeb705fd6a7 “ice: Always check the VF VSI Pointer Values”, we need to perform a null pointer check on the return value of icegetvfvsi before usi...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fixed an NPE in gncmBind. The commit 56a512a9b410 “usb: gadget: fncm: Aligned netdevice lifecycle with bind/unbind” deferred the allocation of the netdevice. This change results in a NULL pointer derefrence in t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: The parent reference count is dropped after pdfreefn is called. Some cgroup policies will access the parent PD through the child PD even after pdofflinefn is called. If pdfreefn for the parent is called before that fo...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: vfio: Split migration operations from main device operations. The vfio core checks whether the driver sets certain migration operations e.g., setstate/getstate, and accordingly calls those operations. However, currently the ml...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed an issue where an index out of bounds occurred in the DCN30 color transformation. This commit addresses a potential index out of bounds issue in the cm3helpertranslatecurvetoHWformat function within the...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue of index out of bounds occurred when the index ‘i’ exceeded the number of transfer function points TRANSFERFUNCPOINTS...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5e: Fixed handling of incorrect devices during the bond netevent processing. The current implementation of the bond netevent handler only checks whether the handled netdev is a VF representative. However, there is no...

Astra Linux - уязвимость в ffmpeg, ffmpeg5

The Ffmpeg v.N113007-g8d24a28d06 contains a buffer overflow vulnerability that allows a local attacker to execute arbitrary code through a floating-point exception error at libavfilter/vfminterpolate.c:1078:60 in interpolate...

Astra Linux - уязвимость в binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: x86/mm: Ensure that the input to pfntokaddr is treated as a 64-bit type. On 64-bit platforms, the pfntokaddr macro requires that the input value be 64 bits. This is to prevent valid address bits from being lost when shifting the...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: sfc: Fixed an issue where a use-after-free occurred when disabling SRIOV. The use-after-free is detected by kfence when disabling SRIOV. What was read after being freed was vf-pcidev: it was freed from pcidisablesriov, and lat...

Astra Linux - уязвимость в node-es5-ext

es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into functioncopy or functiontoStringTokens may cause the script to stall. This vulnerability has been fixed in v0.10.63...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: ffs: The ffsdataclear function must clear the ffseventfd. This function is indirectly called from both ffsfskillsb and ffsep0release. As a result, it is called twice—once when the userland process closes ep0 and...