Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: bfa: Fixed a use-after-free in bfadimmoduleexit. BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20. A size 8 read was performed at address ffff8881082d80c8 by task modprobe/25303. Call Trace:...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: igb: A potential invalid memory access issue has been fixed in igbinitmodule. The pciregisterdriver function may fail. When this occurs, the dcanotifier needs to be unregistered. Otherwise, the dcanotifier can be called when igb...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: hns3: fixed a kernel crash that occurred when uninstalling the driver When the driver is uninstalled and the VFs are disabled concurrently, a kernel crash occurs. The reason is that both actions call the function...

Astra Linux - Vulnerability in Golang-1.19

The go command may execute arbitrary code during compilation when using cgo. This can occur when running “go get” on a malicious module, or when running any other command that compiles unauthorized code. This issue can be triggered by linker flags, specified via the cgo LDFLAGS directive. Flags...

Astra Linux - Vulnerability in linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly restricted format strings where the dynamic parts consist only of hex numbers or similar values. However, there are a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Tracing: Build event generation tests are performed only as modules. The kprobes and synth event generation test modules add events and lock them get a reference to those event files in the module initialization function, and...

Astra Linux – Vulnerability in Ansible

A flaw was discovered in Ansible Engine, in ansible-engine 2.8.x before 2.8.15, and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation, even when the disablegpgcheck parameter is set to False—which is the default...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: PCI: cx23885: Check cx23885vdevinit return. cx23885vdevinit may return a NULL pointer, but that pointer is used in the next line without any checks. Add a NULL pointer check, and proceed with error unwinding if the pointer...

Astra Linux – Vulnerability in libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fixed a use-after-free in gtpdellink. Since the callrcu function, which is called during the hlistforeachentryrcu traversal of gtpdellink, is not part of the RCU read critical section, it is possible that the RCU grace...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: nfc: nxp-nci: Fixed a potential memory leak in nxpncisend The nxpncisend function calls nxpncii2cwrite. The skb is only freed when nxpncii2cwrite fails. However, even if nxpncii2cwrite succeeds, the skb is not freed within...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: atm: iphase: fixed a possible use-after-free in iamoduleexit The remove function of this module calls deltimer. However, that function does not wait for the timer handler to finish. This means that the timer handler may still be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: The issue related to ref-counting on the PMU “vpapmu” has been fixed. Commit 176cda0619b6 “powerpc/perf: Add a perf interface to expose vpa counters” introduced “vpapmu” to expose the Book3s-HV nested APIv2. This...

Astra Linux – Vulnerability in glibc

The deprecated compatibility function clntcreate in the sunrpc module of the GNU C Library also known as glibc from versions up to 2.34 copies its hostname argument onto the stack without validating its length. This may lead to a buffer overflow, potentially causing a denial of service or, if the...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel 6.0.8, there is a use-after-free in rununpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size...

Astra Linux – Vulnerability in lxml

A XSS vulnerability was discovered in the python-lxml’s clean module versions prior to 4.6.3. When the “safe attrsonly” and “forms” arguments are disabled, the Cleaner class does not remove the “formaction” attribute, allowing JavaScript to bypass the sanitizer. A remote attacker could exploit th...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fixed module PLTs with mcount Li Huafei reports that the ftrace with module PLTs based on mcount was broken by the commit: a6253579977e4c6f “arm64: ftrace: consistently handle PLTs.” When module PLTs are used and a...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-check Shell scripts to detect Linux kernel vulnera...

@aaasd/pocpoc (=99.99.9996), internal-company-module-test-1337 (>=99.99.9991 <=99.99.9995) potentially affected by unknown CVE via internal-company-module-test-1337 (=99.99.9996)

internal-company-module-test-1337 NPM version =99.99.9996 is affected by a known vulnerability. The following packages have a transitive dependency on internal-company-module-test-1337 and may be impacted: - @aaasd/pocpoc =99.99.9996 - internal-company-module-test-1337 =99.99.9991, =99.99.9995...

Malicious code in internal-company-module-test-1337 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ffa107cadda6301a772af8727ebafd976365c28371cddd211c176a57b12715d9 The package internal-company-module-test-1337 was found to contain malicious code. Source: ossf-package-analysis...