6515 matches found
CVE-2026-56209 Libaom: libaom: arbitrary address write via svc layer context oob and cyclic refresh map pointer hijack
An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...
CVE-2026-56209
CVE-2026-56209 concerns libaom’s SVC layer: a missing bounds check in the SVC layer ID control function lets an attacker inject an arbitrary pointer into the cyclic refresh map when processing frames, enabling an encoder to write about 1,200 bytes to attacker-controlled memory. This vulnerability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring: Fixed the issue of releasing pinned pages when iouaddrmap fails. Looking at the error path of iouaddrmap, if we fail to pin the pages for any reason, ret will be set to -EINVAL, and the error handler will not properly...
Astra Linux – Vulnerability in Qemu
A reachable assertion issue was detected in the USB EHCI emulation code of QEMU. This issue can occur during the processing of USB requests due to a faulty handling of the DMA memory map. A malicious privileged user within the guest environment may exploit this flaw to send invalid USB requests,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Misc: pciendpointtest: Fixed the panic that occurs when calling pciendpointtestcopy,write,read The dmamapsingle function does not allow zero-length mappings. This causes a panic. A panic was reported on the arm64 architecture:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: clocksource/drivers/cadence-ttc: Fixed a memory leak in ttctimerprobe. Matching reports: drivers/clocksource/timer-cadence-ttc.c: Line 529, ttctimerprobe; Warning: ‘timerbaseaddr’ from ofiomap is not released on lines...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channel bits when all channels are found. If a USB audio device sets more bits than the number of channels it supports, it may write data outside of the map array...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath10k: Added cleanup of the peer map when deleting a peer in ath10kstastate. When peer deletion fails during a disconnection operation, a use-after-free occurs. This was detected by KFENCE in the log. The reason is that fo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fixed the issue where mr-map was freed twice. The function rxemrcleanup, which attempts to free mr-map again, will be called when rxemrinituser fails. CPU: 0, PID: 4917, Comm: rdmaFlushserv, Kdump: loaded, Not tainted,...
Astra Linux – Vulnerability in Firefox
The sourceMapURL feature in devtools lacked security checks, which would have prevented a webpage from attempting to include local files or other files that should be inaccessible. This vulnerability affects Firefox versions earlier than 99...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Tracing: A overflow issue in getfreeelt has been fixed. The variable tracingmap-nextelt is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracingmap, even though the maximum number of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Zeroing allocated objects from slabs in the BPF memory allocator Currently, the freed elements in the BPF memory allocator may be reused immediately. For the htab map, reusing these elements will reinitialize special fields ...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Ensure that the kthread is running before the map update returns. The following warning was reported when running stress-mode enabled xdpredirectcpu with some RT threads: ---------- Cut here ------------ WARNING: CPU...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix compose-height boundary issue Syzkaller identified a bug: BUG: Unable to handle page faults for address: ffffc9000a3b1000 PF: Supervisor write access in kernel mode PF: Errorcode0x0002 – Not-present page PGD...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not drop the extentmap for free space inode on a write error While running the CI for an unrelated change, I encountered the following panic: with generic/648 on btrfsholesspacecache. Assertion failed: blockstart !=...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Ensure visibility when inserting an element into tracingmap. Running the following two commands in parallel on a multi-processor AArch64 machine may occasionally generate an unexpected warning regarding duplicate...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fixed a use-after-free race condition for maps It is possible that before fastrpcfreemap is called, another thread may call fastrpcmaplookup and obtain a reference to a map that is about to be deleted. The function...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: BPF, sockmap: Do not allow sockmapclose,destroy,unhash to call itself. Proto callback functions in sockmap should never call themselves by design. Protect against bugs like 1 and break out of the recursive loop to avoid a stac...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In statmountstring, most flags assign an output offset pointer offp, which is later updated with the string offset. However, in the cases of STATMOUNTMNTUIDMAP and STATMOUNTMNTGIDMAP, the struct fields are directly set instead of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed a chunk map leak in btrfsmapblock after btrfschunkmapnumcopies. Fixed a chunk map leak in btrfsmapblock: if we return early with -EINVAL, we are not freeing the chunk map that we just looked up...