53468 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fixed a possible NULL dereference. In iwl_mvm_remove_time_event, a check was added to ensure that ‘te_data->vif’ is NULL before dereferencing it...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed a use-after-free in gtp_dellink. Since the call_rcu function, which is called during the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Do not wait in vain when unloading the module. There was a race condition in the module exit path, where there was a conflict between deleting all controllers and freeing the “leftover IDs”. To prevent double-freeing, a...
Astra Linux - vulnerability in golang-1.19
The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...
Astra Linux - vulnerability in pcs
A flaw was discovered in the Pacemaker configuration tool pcs. The pcs daemon allowed expired accounts, as well as accounts with expired passwords, to log in when using PAM authentication. As a result, unprivileged expired accounts that had been denied access could still log in...
Astra Linux - vulnerability in glibc
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (also known as glibc) in versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...
Astra Linux - vulnerability in pymongo
An out-of-bounds read in the ‘bson’ module of PyMongo 4.6.2 or earlier allows for deserialization of malformed BSON data provided by the server, which can trigger an exception that may contain arbitrary application memory...
Astra Linux - vulnerability in linux-5.15
A flaw was discovered in the ksmbd component of the Linux kernel. A deadlock occurs when multiple session setup requests are sent simultaneously, which may lead to a denial of service...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfc: nxp-nci: Fixed a potential memory leak in nxp_nci_send. The nxp_nci_send function calls nxp_nci_i2c_write. The skb is only freed when nxp_nci_i2c_write fails. However, even if nxp_nci_i2c_write succeeds, the skb is not freed at that...
Astra Linux - vulnerability in linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: hwmon: (coretemp) Simplified platform device handling. Coretemp’s platform driver is unconventional. All the actual processing is performed globally by the initcall and CPU hotplug notifiers. The “driver” essentially just wraps t...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdkfd: Fixed error handling in kfd_process_device_init_vm. It is recommended to only destroy the ib_mem and let the process cleanup worker free the outstanding BOs. Reset the pointer in the pdd->qpd structure to avoid NULL...
Astra Linux - vulnerability in imagemagick
ImageMagick is free software available as a ready-to-run binary distribution or as source code that you can use, copy, modify, and distribute in both open and proprietary applications. In affected versions, Postscript files may be read and written when specifically excluded by a module policy in...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: idpf: A memory leak in the flow steering list has been fixed in rmmod. The flow steering list maintains entries that are added and removed as ethtool creates and deletes flow steering rules. Removing a module with active entries...
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Added a check for a valid ‘mad_agent’ pointer. When unregistering an MAD agent, the srpt module performs a non-null check on the ‘mad_agent’ pointer before invoking ib_unregister_mad_agent. This check can fail if the...
Astra Linux - vulnerability in linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY. When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add the necessary padding bytes to the bug_table entries. As a result, the last entry in a bug table will be ignored, potentially leadin...
Astra Linux - vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: tpm: In tpm_crb, add acpi_put_table to fix a memory leak. In crb_acpi_add, we obtain the TPM2 table to retrieve information such as the start method, and then assign those values to private data. Therefore, the TPM2 table is not used...
Astra Linux - vulnerability in linux-5.15, linux-6.1
A flaw was discovered in the handling of SMB2 read requests within the kernel’s ksmbd module. The issue arises due to the lack of proper validation of user-provided data, which can lead to reading data beyond the end of an allocated buffer. An attacker can exploit this vulnerability to disclose...
Astra Linux - vulnerability in linux-astra-modules-5.4, linux-astra-modules-5.10
The vulnerability of the pdplPut function in the linux-astra-modules kernel module is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - vulnerability in ansible
A flaw was discovered in the ansible module, where credentials are disclosed in the console logs by default, and are not protected by security features when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket Pipeline credentials. The greatest threat posed ...
Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: In the proc subsystem, the same handling is used for checking proc_lseek as for proc_read_iter and others. Directly checking pde->proc_ops->proc_lseek may lead to a Use-After-Value UAF in the rmmod scenario. This issue arises from a fla...