Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RISC-V: trace: fixed the deadlock caused by snapshots with sbiecall. If the functions in sbiecall.c are traceable, the command echo "sbiecall:snapshot" /sys/kernel/tracing/setftracefilter may cause the kernel to enter a deadlock...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: ipv6: Fixed an access bug involving an uninitialized variable in ip6makeskb. Syzbot reported the following bugs: ===================================================== BUG: KMSAN: uninit-value in archatomic64inc...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: venus: Protection against spurious interrupts during probing. Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it’s possible that an interrupt...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: octeontx2-vf: Added a missing “free” field for “allocpercpu”. Added the “freepercpu” field for the allocated “vf-hw.lmtinfo” in order to avoid memory leaks, similar to the “pf-hw.lmtinfo” in...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fixed a potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can come from the user space of the hidraw driver, and is bounded by...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: cachefiles: The issue of incorrect dentry refcount in cachefilescull has been fixed. The patch mentioned below changed cachefilesburyobject to expect 2 references to the ‘rep’ dentry. Three of the caller functions were changed to...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Ring-buffer: Fixed the possibility of dereferencing an uninitialized pointer. There is a pointer called headpage in the function rbmetavalidateevents. This pointer is not initialized at the beginning of the function. This pointer...

Astra Linux - уязвимость в sox

A heap buffer overflow vulnerability was discovered in sox, specifically in the startread function at sox/src/hcom.c:160:41. This flaw can lead to denial of service, code execution, or information disclosure...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: acomp – Fixed CFI failures due to type punning. To avoid crashes when control flow integrity is enabled, ensure that the workspace “stream” uses a consistent type for function calls, and invoke functions through a functio...

Astra Linux - уязвимость в sox

A floating-point exception division by zero issue was discovered in SoX within the readsamples function of the voc.c file. An attacker with a malicious file could cause the application to crash...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: i40e: Fixed the issue where the “vf” variable might be used without initialization in this function. To address the regression introduced by commit 52424f974bc5, which causes servers to hang under very difficult-to-reproduce...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed a out-of-bounds situation in dbSplit. When dmtbudmin is less than zero, it causes errors in later stages. A check was added to return an error beforehand within dbAllocCtl itself...

Astra Linux - уязвимость в qemu

A issue was discovered in QEMU versions 7.1.0 through 8.2.1. The registervfs function in hw/pci/pciesriov.c mishandles the situation where a guest writes a number of NumVFs that is greater than the total number of TotalVFs, resulting in a buffer overflow in VF implementations...

Astra Linux - уязвимость в binutils

A out-of-bounds read flaw was discovered in the parsemodule function in bfd/vms-alpha.c in Binutils...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double-free on error. The error handling path in itsvpeirqdomainalloc causes a double-free when itsvpeinit fails after successfully allocating at least one interrupt. This occurs because...

Astra Linux - уязвимость в faad2

A issue was discovered in faad2 through 2.10.0. A stack-buffer-overflow exists in the function ftypin located in mp4read.c. This allows an attacker to cause code execution...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: The reordering of clock handling and power management in the probe function. The initialization sequence in usbhsprobe needs to be reordered to enable Runtime Power Management PM before accessing registers. Thi...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: RISCV: Fixed sleeping in an invalid context in die. Die can be called within an exception handler, and therefore cannot sleep. However, die uses spinlockt, which can sleep when PREEMPTRT is enabled. This causes the following...

Astra Linux - уязвимость в libsdl1.2, libsdl2

In SDLGetRGB in the video/SDLpixels.c file, there is a heap-based buffer over-read issue in versions from 1.2.15 up to 2.x, and from 2.0.9 onwards...

Astra Linux - уязвимость в node-hosted-git-info

Packages that use hosted-git-info before version 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS attacks due to the regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expressions have a polynomial worst-case time complexity...