224336 matches found
Astra Linux - уязвимость в linux, linux-5.10
A use-after-free flaw was discovered in fs/ext4/namei.c:dxinsertblock, within the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with user privileges to cause a denial of service...
Astra Linux - уязвимость в linux, linux-5.10
A flaw was discovered in the sctpmakestrresetreq function within the net/sctp/smmakechunk.c file, located in the SCTP network protocol in the Linux kernel. This flaw involves attempting to use more buffer space than is allocated, which triggers a BUGON issue, resulting in a denial of service DOS...
Astra Linux - уязвимость в linux
In drivers/char/virtioconsole.c in the Linux kernel before 5.13.4, data corruption or loss can occur when a trustedless device provides a buf-len value that exceeds the buffer size. NOTE: the vendor indicates that the mentioned data corruption is not a vulnerability in any existing use case; the...
Astra Linux - уязвимость в linux, linux-5.10
A memory leak flaw was discovered in the Linux kernel within the ccprunaesgcmcmd function in drivers/crypto/ccp/ccp-ops.c. This flaw allows attackers to cause a denial of service attack due to excessive memory consumption. This vulnerability is similar to the older CVE-2019-18808...
Astra Linux - уязвимость в linux, linux-5.10
A race condition accessing file objects in the Linux kernel OverlayFS subsystem was identified. This occurs when users renames files using OverlayFS in a specific manner. A local user could exploit this flaw to cause the system to crash...
Astra Linux - уязвимость в linux, linux-5.10
A flaw was discovered in the s390 eBPF JIT mechanism within bpfjitinsn in the arch/s390/net/bpfjitcomp.c file of the Linux kernel. In this flaw, a local attacker with special user privileges can bypass the verifier, potentially leading to confidentiality issues...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: wed: Use the proper wed reference in mt76 wed driver calls. The MT7996 driver can use both wed and wedhif2 devices to offload traffic from/to the wireless NIC. In the current codebase, we assume to always use the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Tracing: Ring-buffer: A fix was made to check the length of events before using them. Check the length of events before adding them for accessing the next index in rbreaddatabuffer. Since this function is used to validate possibl...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A use-after-free vulnerability exists in the Linux kernel’s net/sched:clsu32 component, which can be exploited to gain local privilege escalation. If the tcfchangeindev function fails, u32setparms will immediately return an error after incrementing or decrementing the reference counter in...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free flaw was discovered in vcsread in drivers/tty/vt/vc-screen.c within vc-screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free vulnerability exists in the Linux kernel’s net/sched:clsu32 component, which can be exploited to achieve local privilege escalation. When the u32change function is called on an existing filter, the entire tcfresult struct is always copied into the new instance of the filter. This...
Astra Linux - уязвимость в linux-5.10, linux-5.15
A use-after-free vulnerability in the Linux kernel’s netfilter:nftables component can be exploited to achieve local privilege escalation. When nftablesdelrule is flushing table rules, it does not check whether the chain is bound, and the owner rule of the chain may also release objects under...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15
A out-of-bounds memory access flaw was discovered in the Linux kernel, specifically in the relayfilereadstartpos function within kernel/relay.c in relayfs. This flaw could allow a local attacker to crash the system or leak internal kernel information...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A hash collision flaw was discovered in the IPv6 connection lookup table within the Linux kernel’s IPv6 functionality. This flaw occurs when a user carries out a new type of SYN flood attack. A user located within the local network or with a high-bandwidth connection can cause the CPU usage of th...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
A Null pointer dereference problem was detected in idafree in lib/idr.c within the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a lack of proper checks at function returns...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchRules, if imafilterruleMatch returns -ENOENT due to the rule being NULL, the function incorrectly skips the if !rc check and sets result = true. The LSM rule is...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The handling of the pcichanneliofrozen case is now performed only in amdgpupciresume. In current code, when a PCI error state pcichannelionormal is detected, it will report the PCIERSRESULTCANRECOVER status to the PCI...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in the abort path When adding or removing controllers, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dmafree attrs+0x33/0x50 CPU:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Added missing syscalls to the read class. The “at” variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rule...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn – Rejects AADs that are too short assoclen 8 to match the ESP/ESN specification. authencesn assumes that the AAD is in the ESP/ESN format. When the length of assoclen is shorter than the minimum expected length...