Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed incorrect descriptor freeing behavior. ENA has two types of TX queues: - Queues that only process TX packets arriving from the network stack. - Queues that only process TX packets forwarded to them by XDPREDIRECT ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: - ice: fixed the memory leak in the eswitch code during the reset scenario. A simple eswitch mode checker has been added to the procedure for attaching VFs. Required port representative memory structures are allocated only in...

Astra Linux - уязвимость в glibc

The deprecated compatibility function svcunixcreate in the sunrpc module of the GNU C Library aka glibc from version 2.34 onwards copies the path argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the applicati...

Astra Linux - уязвимость в node-minimist

Minimist =1.2.5 is vulnerable to Prototype Pollution through the file index.js, the function setKey lines 69-95...

Astra Linux - уязвимость в libsdl1.2

SDL Simple DirectMediaLayer from version 1.2.15 to 2.x, and from 2.0.9 to 2.0.9, has a heap-based buffer overflow issue in the SDLFillRect function within the video/SDLsurface.c file...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF A hung task trace was observed during LOGO processing. 974.309060 0000:00:00.0: qedfehdevicereset:868: 1:0:2:0: LUN RESET issued… 974.309065 0000:00:00.0:...

Astra Linux - уязвимость в libwebp

A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the ShiftBytes function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: hisiaccvfiopci: bugfix for live migration function without VF device driver If the VF device driver is not loaded in the Guest OS and we attempt to perform device data migration, the address of the migrated data will be NULL. The...

Astra Linux - уязвимость в dcmtk

There is an improper array index validation vulnerability in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9khtc: Use skbsetlength to reset urb before resubmitting it. Syzbot points out that skbtrim has a sanity check on the existing length of the skb; this length might not be initialized in some error-prone situations. The...

Astra Linux - уязвимость в dcmtk

There is an improper array index validation vulnerability in the nowindow functionality of OFFIS DCMT 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: Set priv-pdev before using it. The priv-pdev pointer was set after being used in fslasoccardaudmuxinit. This assignment should be moved to the beginning of the probe function, so that sub-functions can...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: udf: Fixed the issue of discarding data before allocation at the indirect extent boundary. When the preallocation extent is the first one in the extent block, the code would corrupt the extent tree header instead. This issue has...

Astra Linux - уязвимость в apr-util

An integer overflow or wrap-around vulnerability in the aprbase64 functions of the Apache Portable Runtime Utility APR-util allows an attacker to write beyond the bounds of a buffer. This issue affects Apache Portable Runtime Utility APR-util version 1.6.1 and earlier...

Astra Linux - уязвимость в exiv2

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service DOS...

Astra Linux - уязвимость в sox

The readsamples function in hcom.c in Sound eXchange SoX 14.4.2 allows remote attackers to cause a denial of service invalid memory read and application crash via a crafted hcom file...

Astra Linux - уязвимость в mariadb-10.3

It has been discovered that MariaDB Server v10.6.3 and earlier contains a use-after-free in the Itemfuncin::cleanup component, which can be exploited through specially crafted SQL statements...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: pinctrl: Check the return value of pinmuxops::getfunctionname. While the API contract in the documentation does not explicitly specify this, the generic implementation of the getfunctionname callback from struct pinmuxops –...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ICE: Fix for the crash in the ethtool offline loopback test. Since the conversion of ICE to page pool, the ethtool loopback test crashes. BUG: Kernel NULL pointer dereference, address: 000000000000000c PF: Supervisor write access...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Do not attempt to trigger a full GT reset if there is a VF involved. VFs do not have access to the GDRST0x941c register, which is used by the driver to reset the GT. Attempt to trigger a reset using debugfs: bash $ cat...