58908 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgrlock The smpcallfunction always runs its callback in a hard IRQ context, even when PREEMPTRT is enabled, where spinlocks may be in a sleeping state. Therefore, we need to use a raw spinloc...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fixed a false positive caused by MTE Memory Tagging Extension in dokrealloc. This patch addresses an issue introduced by commit 1a83a716ec233, which causes MTE to falsely report a slab-out-of-bounds error. The probl...
Astra Linux - уязвимость в busybox
A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function...
Astra Linux - уязвимость в glibc
The wordexp function in the GNU C Library also known as glibc, up to version 2.33, may crash or access arbitrary memory during the parseparam function located in posix/wordexp.c when called with an untrusted, crafted pattern. This could potentially lead to a denial of service or the disclosure of...
Astra Linux - уязвимость в linux, linux-5.10
A vulnerability, classified as critical, has been discovered in the Linux kernel. The affected component is the deltimer function in the file drivers/isdn/mISDN/l1oipcore.c of the Bluetooth module. This vulnerability allows for manipulation leading to memory deallocation after it has been freed. ...
Astra Linux - уязвимость в tiff
A buffer overflow vulnerability has been discovered in Libtiff V.4.0.7. This vulnerability allows a local attacker to cause a denial of service through the tiffcp function in tiffcp.c...
Astra Linux - уязвимость в xrdp
xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. Version 0.9.21 and earlier of xrdp contains a buffer overflow vulnerability in the xrdpmmtransprocessdrdynvcchannelclose function. There are no known solutions to thi...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel before version 5.16.3, the driver/bluetooth/hciqca.c file misinterprets the return value of devmgpiodgetindexoptional. It expects the return value to be NULL in the error case, but in reality, it is an error pointer...
Astra Linux - уязвимость в ffmpeg
A denial-of-service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ffframepoolget function in framepool.c...
Astra Linux - уязвимость в linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: i40e: Do not allow untrusted VFs to remove the administratively set MAC address. Currently, when a PF Powerful User administratively sets the MAC address of a VF, and the VF is disabled the VF attempts to delete all MAC addresses...
Astra Linux - уязвимость в zabbix
An attacker who has the privilege to configure Zabbix items can use the icmpping function, along with additional malicious commands, to execute arbitrary code on the current Zabbix server...
Astra Linux - уязвимость в node-brace-expansion
A vulnerability was discovered in the juliangruber brace-expansion library up to versions 1.1.11/2.0.1/3.0.0/4.0.0. This issue has been identified as problematic. The affected function is the “expand” function of the file index.js. Manipulation of this function leads to inefficient use of regular...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed an issue where the index out of bounds occurred in the DCN30 degamma hardware format translation. This commit addresses a potential index out of bounds issue in the cm3helpertranslatecurvetodegammahwformat...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: Single issue: fixed the potential NULL dereference in pcsgetfunction. The pinmuxgenericgetfunction function may return NULL, and the pointer “function” was dereferenced without checking against NULL. Added checking of th...
Astra Linux - уязвимость в zziplib
A Stack Buffer Overflow vulnerability in zziplibv 0.13.77 allows attackers to cause a denial of service through the zzipFetchDiskTrailer function located in the /zzip/zip.c file...
Astra Linux - уязвимость в linux, linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Added handling of aborts in tmrlist that are processed by target core. An abort that is responded to by iSCSI itself is added to tmrlist, but it does not proceed to target core. A LUNRESET that goes through...
Astra Linux - уязвимость в edk2
EDK2 is vulnerable to a vulnerability in the CreateHob function, which allows a user to trigger an integer overflow that leads to a buffer overflow through a local network. Successful exploitation of this vulnerability may result in compromises of confidentiality, integrity, and/or availability...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: usb: ffs: Fix use-after-free for epfile Consider a case where ffsfuncepsdisable is called from ffsfuncdisable as part of the composition switch. At the same time, ffsepfilerelease is called from the user space. ffsepfilerelease...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: jfs: fixed GPF in diFree Avoid passing an inode with JFSSBIinode-isb-ipimap == NULL to diFree1. GFP will be returned: struct inode ipimap = JFSSBIip-isb-ipimap; struct inomap imap = JFSIPipimap-iimap; JFSIP will return an...
Astra Linux - уязвимость в binutils
A vulnerability has been identified in GNU Binutils 2.45. The affected component is the vfinfo function in the file ldmisc.c. Executing certain manipulations may lead to out-of-bounds read vulnerabilities. This attack can only be executed locally. The exploit has been made available to the public...