Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow prior to version 10.0.0. It is a denial-of-service attack where memory is uncontrollably allocated to processing a given task, potentially causing a service to crash due to running out of memory. This occurs for truetype in ImageFont when textlength in an ImageDra...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/buddy: Fixed the error handling code for allocrange. A few users have reported display corruption when booting the machine into KDE Plasma or playing games. We identified a problem where, whenever allocrange failed to find th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: igb: Fixed string truncation warnings in igbsetfwversion. Commit 1978d3ead82c “intel: fixed string truncation warnings” fixes the warning “-Wformat-truncation=” in igbmain.c by using kasprintf. In...

Astra Linux - уязвимость в firefox

A memory allocation check was missing, which could lead to a “use-after-free” error if the allocation failed. This could potentially trigger a crash or be exploited to achieve code execution. This vulnerability affects Firefox versions less than 126...

Astra Linux - уязвимость в imlib2

It was discovered that imlib2 v1.9.1 mishandles memory allocation in the initimlibfonts function...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions improperly handle XML entities, resulting in an infinite loop where memory allocation occurs...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Networking: dsa: felix: fixed the possible dereferencing of a NULL pointer. As a possible failure during allocation, kzalloc may return a NULL pointer. Therefore, it is better to check for the value of 'sgi' to prevent the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: PCI: ofproperty: Return error for intmap allocation failure The “ENOMEM” return value occurs when kcalloc fails to prevent a NULL pointer dereferencing in this case. bhelgaas: commit log...

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: vhost/vsock: Use kvmalloc/kvfree for larger packets. When copying a large file via sftp using vsock, the data size is usually 32 kB. In such cases, kmalloc seems to fail when attempting to allocate 32 32 kB regions. vhost-5837...

Astra Linux - уязвимость в linux-5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The ef100updatestats function in drivers/net/ethernet/sfc/ef100nic.c lacks a check for the return value of kmalloc...

Astra Linux - уязвимость в linux-5.10

A issue was discovered in the Linux kernel through version 5.16-rc6. The lkdtmARRAYBOUNDS function in drivers/misc/lkdtm/bugs.c lacks a check for the return value of kmalloc, which can lead to a null pointer derefrence...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/xe/migrate: prevents infinite recursion. If the buf + offset is not aligned to XECAHELINEBYTES, we fall back to using a bounce buffer. However, the bounce buffer is allocated on the stack, and the only alignment requirement...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for a null return from devmkcalloc. Due to the potential failure of the allocation, data-domains might be a NULL pointer, and this could lead to the dereferencing of a NULL pointer later. Therefore, it mig...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb: Fixed a potential NULL dereferencing on a kmalloc failure. Avoid potential NULL pointer dereferences by checking the return value of kmalloc and properly handling allocation failures...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: capabilities: A potential memory leak was fixed in the error path of vfsgetxattralloc. In capinodegetsecurity, we use vfsgetxattralloc to complete the memory allocation of tmpbuf. If we have completed the memory allocation of...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list The struct sdcacontrol structure declares the “values” field as an integer array. However, the memory allocated for this field is actually a char array. This causes a...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrementing rereceiving on early exit paths In cases where rpcrdmapostrecvs fails to create a work request due to memory allocation failures, for example or exits early, we should decrement ep-rereceiving before...

Astra Linux - уязвимость в libvirt

A flaw was discovered in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before performing the negative length check by the C API entry points. Passing a negative length to the gnew0 function results in a crash because the negative length is treate...

Astra Linux - уязвимость в u-boot

Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur due to a crafted squashfs filesystem using sbrk, request2size, or because ptrdifft is mishandled on x8664...