11901 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iiosimplydummybuffer: fixed the information leak in the triggered buffer. The data array is allocated using kmalloc, and it is used to push data to user space from the triggered buffer. However, it does not set values...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Input: uinput – rejects requests with an unreasonable number of slots. When using uinput, the syzkaller may attempt to set up a device with a very large number of slots, leading to a memory allocation failure in inputmtinitslots...
Astra Linux - уязвимость в libstb
STBVorbis is a single-file library licensed under MIT, designed for processing OGG Vorbis files. A properly crafted file may cause a memory allocation failure in the startdecoder function. In such cases, the function returns early; f-commentlist is set to NULL, but f-commentlistlength is not rese...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: afalg – Zero initialize memory allocated via sockkmalloc Several crypto user API contexts and requests that were allocated using sockkmalloc were left uninitialized. This caused problems as callers had to explicitly set t...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: lib/alloctag: Do not acquire a non-existent lock in alloctagtopusers. alloctagtopusers attempts to lock alloctagcttype-modlock, even when alloctagcttype is not allocated. This occurs because: 1. Allocating tags is disabled since...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: The block: mark GFPNOIO around sysfs-store has been fixed. sysfs-store is called with the queue frozen. Meanwhile, there are several -store callbacks such as updatenrrequests, wbt, scheduler that use GFPKERNEL to allocate memory...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Allocate memory before using it. KMSAN reports: Multiple uninitialized values were detected: - KMSAN: uninit-value in ntfsreadhdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper f...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: power: supply: fixed null pointer dereferencing in powersupplygetbatteryinfo. When kmalloc fails to allocate memory in kasprintf, propname will be NULL. The strcmp function called by ofgetproperty will cause a null pointer...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fix DMA corruption on long hmac keys When a key longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be rounded to the DMA cache...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Net: Atlantic: Eliminated double-free operations in error handling logic. The driver has a logic flaw in ring data allocation/free. In this flaw, the aqringfree function may be called multiple times within the same ring. If th...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Memory allocation should be avoided in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled. allocating memory using the GFPKERNEL flag may re-enable IRQs during the suspend...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fix for kernel crash during resume Currently, during resume, the QMI target memory is not handled properly. This results in a kernel crash if DMA remap is not supported: BUG: Incorrect page state in process...
Astra Linux - уязвимость в firefox, thunderbird
Assuming a controlled failed memory allocation, an attacker could cause a use-after-free, resulting in a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6...
Astra Linux - уязвимость в tiff
A null pointer dereference flaw was detected in Libtiff through the tifdirinfo.c file. This issue may allow an attacker to trigger memory allocation failures through certain methods, such as restricting the heap space size or injecting faults, resulting in a segmentation fault. This can cause the...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc in lpfcsli4cgnparamsread If kzalloc fails in lpfcsli4cgnparamsread, then we rely on lpfcreadobject’s routine to perform a NULL check on pdata. Currently, an early return error is thrown from lpfcreadobje...
Astra Linux - уязвимость в firefox
A memory allocation check was missing, which could lead to a “use-after-free” error if the allocation failed. This could potentially trigger a crash or be exploited to achieve code execution. This vulnerability affects Firefox versions less than 126...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a potential memory leak in DMUB hwinit Why When resuming, we perform DMUB hwinit, which allocates memory using dmresume-dmdmubhwinit-dcdmubsrvcreate-kzalloc. This can lead to a memory leak in suspend/resume...
Astra Linux - уязвимость в imlib2
It was discovered that imlib2 v1.9.1 mishandles memory allocation in the initimlibfonts function...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: kunit: Executor: Fixed a memory leak in cases where kunitfiltertests fails. It is possible that memory allocation for the “filtered” data may fail, but the copy of the suite may still succeed. In such cases, the “copy” data might...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: igb: Fixed string truncation warnings in igbsetfwversion. Commit 1978d3ead82c “intel: fixed string truncation warnings” fixes the warning “-Wformat-truncation=” in igbmain.c by using kasprintf. In...