Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/smc: fixed the issue where NULL sndbufdesc was used in smccdctxhandler. When performing a stress test on SMC-R using the rmmod mlx5ib driver during the wrk/nginx test, we found that there is a possibility of triggering a pani...

Astra Linux - уязвимость в jetty9

In Eclipse Jetty versions 9.2.26 and earlier, 9.3.25 and earlier, as well as 9.4.15 and earlier, the server is vulnerable to XSS attacks if a remote client uses a specially formatted URL against the DefaultServlet or ResourceHandler that is configured to display a listing of directory contents...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A flaw was discovered in the udmabuf device driver of the Linux kernel. The specific flaw resides within a fault handler. The issue arises due to the lack of proper validation of user-supplied data, which can lead to a memory access beyond the end of an array. An attacker can exploit this...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Separate handlers are used for interrupts. The interrupt vector from PF to AF, and the interrupt vector from VF to AF, both use the same interrupt handler. This causes a race condition. When two interrupts are raise...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close netlink supports iterative dumping of data. It provides the following operations: - start – Optional Initiates the dumping process. - dump – The actual dumping process; this...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

There are use-after-free vulnerabilities caused by a timer handler in the net/rose/rosetimer.c file of Linux, which allow attackers to crash the Linux kernel without any privileges...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: The spinlock is used as a lock for protecting the context list. Previously, a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: cdnsp: Fixed a deadlock issue in cdnspthreadirqhandler. The patch fixes the following critical issue caused by deadlock, which was detected during testing of the NCM class: - smp: csd: A non-responsive CSD lock 1 was...

Astra Linux - уязвимость в firefox

When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox versions 123...

Astra Linux - уязвимость в linux-5.15

A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...

Astra Linux - уязвимость в linux-5.15, linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Regulator: da9211 – Use the irq handler when ready. If the system does not start from a reset state such as when it is in kexec mode, the regulator might have an IRQ waiting for processing. If we enable the IRQ handler before its...

Astra Linux - уязвимость в linux, linux-5.15

A vulnerability has been identified in the Linux kernel and is classified as problematic. This vulnerability affects the function inet6streamops/inet6dgramops of the IPv6 Handler component. The vulnerability causes a race condition. It is recommended that a patch be applied to address this issue...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: Video – Fix for a use-after-free in acpivideoswitchbrightness The switchbrightnesswork delayed work accesses to device-brightness and device-backlight, which were freed by acpivideodevunregisterbacklight during device...

Astra Linux - уязвимость в firefox

Firefox typically asks for confirmation before requesting the operating system to find an application to handle schemes that the browser does not support. It did not ask for confirmation before handling Usenet-related schemes such as news: and snews:. Since most operating systems do not have a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: hi846: Fixed a memory leak in hi846initcontrols The hi846initcontrols function does not clean up the allocated ctrlhdlr resources in case of a failure, which leads to a memory leak. Added v4l2ctrlhandlerfree to properly fr...

Astra Linux - уязвимость в golang-golang-x-net

A request smuggling attack is possible when using MaxBytesHandler. When using MaxBytesHandler, the body of an HTTP request is not fully consumed. When the server attempts to read HTTP2 frames from the connection, it will instead be reading the body of the HTTP request, which can be manipulated by...

Astra Linux - уязвимость в thunderbird, firefox

A web page could trick users into setting that site as the default handler for a custom URL protocol. This vulnerability was fixed in Firefox 136, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

Astra Linux - уязвимость в exim4

A vulnerability was discovered in Exim and has been classified as problematic. This issue affects certain aspects of the component Regex Handler’s processing. The vulnerability results in memory leaks after the component is freed from memory. The name of the patch is...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The component affected by this vulnerability is the “ipv6renewoptions” function within the IPv6 handler. This vulnerability causes a memory leak. The attack can be launched remotely. It is recommended th...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts The commit 8f394da36a36 “scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG” caused the qlt24xxhandleabts function to return early if tcmqla2xxxfindcmdbytag failed to find a command...