Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The ezxmlparse functions improperly handle XML entities, resulting in an infinite loop where memory allocation occurs...

Astra Linux - уязвимость в thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

Astra Linux - уязвимость в linux-5.15

A issue was discovered in the Linux kernel before version 6.3.4. In the fs/ksmbd/connection.c file of ksmbd, there is an off-by-one error in memory allocation due to ksmbdsmb2checkmessage, which may lead to out-of-bounds access...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: Xilinx: Do not perform sleepable memory allocations from an atomic context. The following issue was discovered using lockdep: 6.691371 BUG: A sleeping function is called from an invalid context at...

Astra Linux - уязвимость в exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a write-what-where condition vulnerability that occurs during the application’s memory allocation process. This may cause the memory management functions to become mismatched, resulting in local application denial of service in the...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.32. It involves an attempt at excessive memory allocation in the bfdelfslurpversiontables function within elf.c...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Memory allocation should be avoided in iommususpend. The iommususpend system call’s suspend callback is invoked with IRQs disabled. allocating memory using the GFPKERNEL flag may re-enable IRQs during the suspend...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: The pointer to debugfsdir is set to NULL after removing debugfs. If init debugfs fails during device registration due to a memory allocation failure, the function debugfsremoverecursive is called. However, debugfsd...

Astra Linux - уязвимость в linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: clk: zynq – Prevent null pointer dereferencing caused by kmalloc failures The kmalloc function in zynqclksetup will return null if physical memory runs out. As a result, if we use snprintf to write data to a null address, a null...

Astra Linux - уязвимость в glibc

The Name Service Cache Daemon’s nscd netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service for clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability ...

Astra Linux - уязвимость в firefox

A memory allocation check was missing, which could lead to a “use-after-free” error if the allocation failed. This could potentially trigger a crash or be exploited to achieve code execution. This vulnerability affects Firefox versions less than 126...

Astra Linux – Vulnerability in pillow

A issue was discovered in Pillow prior to version 10.0.0. It is a denial-of-service attack where memory is uncontrollably allocated to processing a given task, potentially causing a service to crash due to running out of memory. This occurs for truetype in ImageFont when textlength in an ImageDra...

Astra Linux - уязвимость в imlib2

It was discovered that imlib2 v1.9.1 mishandles memory allocation in the initimlibfonts function...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fix DMA corruption on long hmac keys When a key longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be rounded to the DMA cache...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ntfs: -dcompare must not block. … So don’t use getname there. Switch it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash can almost certainly handle smaller allocations, but let the ntfs team deal with that—keep the allocation siz...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Corrected the allocation size for bytes controls. The size of the data behind scontrol-ipccontroldata for bytes controls is as follows: 1 sizeofstruct sofipc4controldata + // kernel-only struct 2...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: LoongArch: Fixed missing NULL checks for kstrdup 1. Replaced “offindnodebypath"/"” with “ofroot” to avoid multiple calls to “ofnodeput”. 2. Fixed a potential kernel error during early boot when memory allocation fails while...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrementing rereceiving on early exit paths In cases where rpcrdmapostrecvs fails to create a work request due to memory allocation failures, for example or exits early, we should decrement ep-rereceiving before...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity directly calls decompression instead of triggering another workqueue context for minimal scheduling latency. Th...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/rds: Fixed a circular locking dependency in rdstcptune syzbot reported a circular locking dependency in rdstcptune, where sknetrefcntupgrade is called while holding the socket lock:...