126361 matches found
Astra Linux – Vulnerability in edk2
EDK2’s Network Package is vulnerable to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of availability...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: It was fixed that link down work might be scheduled before lgr is freed, but it would execute after lgr is freed, which could lead to a crash. Therefore, it is necessary to hold a reference before scheduling the link dow...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “wifi: mac80211: fix memory leak in ieee80211ifadd” This resolution involves committing change 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. The function ieee80211iffree is already called from freenetdevndev, because...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFS/localio: Fixed a race condition in nfslocalopenfh Once the clp-cluuid.lock is dropped, another CPU may come in and free the structnfsdfile that was just added. To prevent this from happening, take the RCU read lock before...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Lightweight HTTP Server. The supported versions affected include Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3, and 22.2....
Astra Linux – Vulnerability in NTP
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, ntpd allows an off-path attacker to block unauthenticated synchronization via a server mode packet with a spoofed source IP address. This occurs because transmissions are rescheduled even when a packet lacks a valid origin timestamp...
Astra Linux – Vulnerability in NTP
In NTP versions prior to 4.2.8p14 and 4.3.x before 4.3.100, remote attackers could exploit this vulnerability to cause a denial of service—resulting in the daemon exiting or the system time being changed. This was possible by predicting the transmit timestamps used in forged packets. The victim w...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fixed the behavior of the READ operation near OFFSETMAX. Dan Aloni reports: Due to commit 8cfb9015280d “NFS: Always provide aligned buffers to RPC read layers” on the client, a read of 0xfff is aligned up to the server’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: idpf: Fixed the issue where the RSS LUT NULL pointer dereference occurred after a soft reset. During a soft reset, the RSS LUT is freed and not restored unless the interface is active. If an ethtool command that accesses the R...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: added more sanity checks to qdiscpktleninit. One of the approaches handles SKBGSODODGY, assuming that skb-len is greater than hdrlen. The function virtionethdrtoskb does not fully dissect TCP headers; it only ensures that th...
Astra Linux – Vulnerability in OpenVPN
OpenVPN 2.5.1 and earlier versions allow remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication. This can potentially lead to further information leaks...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: gtp: The device is destroyed along with the udp socket’s netns. The gtpnewlink function links the device to the list in devnet dev, instead of srcnet, where an udp tunnel socket is created. Even when srcnet is removed, the...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: Discarded command completions in internal errors. Fixed the use of “free” after a device enters an internal error state. Avoid calling the completion handler in this case, as the device will flush the command interfa...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: cifs: Fixed a UAF in cifsdemultiplexthread There is a UAF when performing xfstests on cifs: BUG: KASAN: Use-after-free in smb2isnetworknamedeleted+0x27/0x160 Reading a size 4 value at address ffff88810103fc08 by task cifsd/923...
Astra Linux – Vulnerability in NTP
The praecisparse function in ntpd/refclockpalisade.c, within NTP 4.2.8p15, contains an out-of-bounds write vulnerability. Any attack method would be complex, for example, using a manipulated GPS receiver...
Astra Linux – Vulnerability in NTP
In the file libntp/mstolfp.c, within the NTP version 4.2.8p15, there is a buffer overflow vulnerability when copying the trailing number. An attacker may be able to exploit this vulnerability against a client’s NTPQ process, but they cannot exploit it against ntpd...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: igb: Fixed the issue where igbdown got hung when removing the Thunderbolt hub. In a setup where a Thunderbolt hub is connected to Ethernet and a display via USB Type-C, users may experience a task-hanging timeout when they remove...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: 2D. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK:...
Astra Linux – Vulnerability in Intel Microcode
A failure in the protection mechanism of the bus lock regulator for certain IntelR processors may allow an unauthenticated user to potentially exploit the system to cause a denial of service through network access...
Astra Linux – Vulnerability in NTP
In the mstolfp.c file within NTP 4.2.8p15, there is a buffer overflow vulnerability when adding a decimal point. An adversary may be able to attack a client’s ntpq process, but they cannot attack the ntpd process...