Astra Linux - уязвимость в poppler

A issue was discovered in Poppler 0.71.0. There is a NULL pointer dereference in goo/GooString.h, which can lead to a denial of service. This issue is evident in utils/pdfdetach.cc, where it does not validate the filename of an embedded file before constructing a save path...

Astra Linux - уязвимость в gnutls28

A issue was discovered in GnuTLS before version 3.6.15. A server can cause a NULL pointer dereferencing in a TLS 1.3 client if a norenegotiation alert is sent at an unexpected time, resulting in an invalid second handshake. The crash occurs during the application’s error handling process, where t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iouring/msgring: A NULL pointer dereference occurred in iomsgsendfd. Syzkaller produced the following call trace: BUG: KASAN: NULL pointer dereference in iomsgring+0x3cb/0x9f0 A size 8 value was written to address 000000000000007...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fixed a null pointer dereference in ext4raw inode If ext4getinodeloc fails e.g., if it returns -EFSCORRUPTED, iloc.bh will remain set to NULL. Since ext4xattr inodedecrefall lacks error checking, this will lead to a...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Removed the unused nvmelswaitq wait queue. System crash occurs when qla2x00startspsp returns the error code EGAIN, and wakeup is called for an uninitialized waitqueue sp-nvmelswaitq. qla2xxx0000:37:00.1-2121:5:...

Astra Linux - уязвимость в apache2

The Apache HTTP Server protocol handler for the HTTP/2 protocol checks the received request headers against the size limitations configured for the server. These restrictions are also applied to the HTTP/1 protocol. If any violations occur, an HTTP response is sent to the client with a status cod...

Astra Linux – Vulnerability in htmldoc

A security issue has been identified in htmldoc v1.9.12 and earlier versions. A NULL pointer dereferencing in the function imageloadjpeg in image.cxx may lead to a denial of service...

Astra Linux - уязвимость в tiff

A null source pointer passed as an argument to the memcopy function within TIFFReadDirectory in tifdirread.c in libtiff versions from 4.0 to 4.3.0 could lead to a Denial of Service attack through a crafted TIFF file. For users who compile libtiff from source code, a fix is available in the commit...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tipc: fixed a null-ptr-deref in tipctopsrvaccept The syzbot detected a crash in tipctopsrvaccept: - KASAN: Null-ptr-deref in range 0x0000000000000008-0x000000000000000f - Workqueue: tipcrcv in tipctopsrvaccept - RIP: 0010:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gvt: fixed the issue where vGPU debugfs was cleaned up during the remove operation. Please carefully check whether the root debugfs is available when destroying the vGPU. For example, in the remove operation, the DRM...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: A check for a null descriptor is performed before calling ptcmdcallback. This issue resolves a panic that can occur on AMD systems, typically during host shutdown, after the PTDMA driver has been exercised. The...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: canaan: k230: added a NULL check in DT parsing. A NULL check was also added for the return value of ofgetproperty when retrieving the “pinmux” property in the group parser. This prevents a potential NULL pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: core: Prevent NULL dereference in generichwtstampioctllower The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfigpreparedata - devgethwtstampphylib - vlanhwtstampget -...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the NULL check of currxfer in tegraqspiisrthread. Without this protection, the following race...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ice: Do not perform transmission before switchdev is fully configured. There is a possibility that iceeswitchportstartxmit might be called while some resources are still not allocated, which could lead to a NULL pointer derefrenc...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: netsched: Fixed NULL dereferencing in fifosetlimit. syzbot reported another NULL dereferencing in fifosetlimit. 1 The issue can be reproduced with the following command: unshare -n tc qd add dev lo root handle 1:0 tbf limit...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: soc: bcm: Check for a NULL return from devmkzalloc. As a potential failure in allocation, devmkzalloc may return NULL. Then, pd-pmb and the subsequent lines of code may lead to a null pointer dereferencing error. Therefore, it is...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: xfs: Check for deleted cursors when revalidating two btrees. The free space and inode BTree repair functions will rebuild both btrees at the same time. After that, it is necessary to evaluate both btrees to confirm that the...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: usb: mtu3: Fixed the kernel panic that occurred during the qmu transfer done interrupt handler. When handling the qmu transfer interrupt, the @mtu-lock is unlocked before returning the request. If another thread handles the...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: USB: Fixed various issues related to null pointer dereferencing on 10Gbps cables. This prevented null pointer dereferences in functions fecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm by simply reusing the 5Gbps...