62154 matches found
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use accesswidth instead of bitwidth for system memory accesses To align with ACPI 6.3+, since bitwidth can be any 8-bit value, it cannot be relied upon to always be at a clean 8-bit boundary. This issue was discovered...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, a memory leak will occur over time. To simplify things, simply call...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: HID: corsair-void: Added missing delayed work cancellation for headset status. The call to canceldelayedworksync was missed, resulting in a use-after-free in corsairvoidremove...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: spi: Fixed a use-after-free of the addlock mutex Commit 6098475d4cb4 “spi: Fixed a deadlock when adding SPI controllers on SPI buses” introduced a per-controller mutex. However, the mutexunlock call for that lock occurs after the...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: Invalid parameter check in msmdsiPhyEnable The function performs a check on the “phy” input parameter, however, it is used before the check. The “dev” variable is initialized after the sanity check to avoid a possibl...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: sis: An error will occur if pixclock equals zero. The user-space program can pass any value to the driver through the ioctl interface. If the driver does not check the value of pixclock, it may lead to a divide-by-zero...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: i915/perf: Fixed NULL dereference bugs with drmdbg calls When the i915 perf interface is not available, dereferencing it will result in NULL references. Returning -ENOTSUPP is a clear indication of a return value when the perf...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove the WQMEMRECLAIM flag from the state workqueue. A recent change created a dedicated workqueue for the state-change work, with WQHIGHPRI and WQMEMRECLAIM flags. However, the state-change work...
Astra Linux - уязвимость в chromium
Before version 91.0.4472.77, using “after free” in the WebUI in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в chromium
In the UI framework of Google Chrome, using “after free” before version 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: A memory leak has been fixed in the mhimbimdellink function. The MHI driver registers the network device without setting the needsfreenetdev flag. Additionally, it does not call freenetdev when unregistering the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: added an atomiccheck to bridge ops. The DRM committails function will disable the downstream crtc/encoder/bridge if both conditions are required, and crtc-active will be set before pushing a new frame downstream. Ther...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ACPI: PPTT: Fixed an issue that caused sleep in the atomic context when PPTT is absent. The commit 0c80f9e165f8 “ACPI: PPTT: Leave the table mapped for the runtime usage” fixes this issue by enabling the mapping of PPTT once duri...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerabilities have been resolved: ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS UBSAN reports an array-index-out-of-bounds error: 1.980703 kernel: UBSAN: array-index-out-of-bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: serial: max310x: fixed NULL pointer dereferencing in I2C instantiation When attempting to instantiate a max14830 device from userspace: echo max14830 0x60 /sys/bus/i2c/devices/i2c-2/newdevice the following error occurs: Unable...
Astra Linux - уязвимость в linux-5.10, linux, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype changes with mesh ID changes It is currently possible to change the mesh ID when the interface is not yet in mesh mode, while also changing it into mesh mode. This leads to an overwrite of data in the...
Astra Linux - уязвимость в python3.7, php7.3
The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: powercap: armscmi: Recursion during zone parsing was removed. Powercap zones are defined as being arranged in a hierarchical tree structure. When registering a zone using powercapregisterzone, the kernel’s powercap subsystem...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQMEMRECLAIM from storvscerrorwq The storvscerrorwq workqueue should not be marked as WQMEMRECLAIM, as it does not need to retain the status of forward progress under memory pressure. Marking this workqueue ...