76759 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net/sctp: A null dereference in the sctpdisposition sctpsfdo51Dce function has been fixed. If newasoc-peer.adaptationind=0, sctpulpeventmakeauthkey=0, and sctpulpeventmakeauthkey returns 0, then the variable aiev remains zero, an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq/longhaul: handled NULL policy in longhaulexit The longhaulexit function was calling cpufreqcpuget0 without checking for a NULL policy pointer. On some systems, this could lead to a NULL derefrence and a kernel warning or...
Astra Linux – Vulnerability in Firefox and Thunderbird
The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, leading to a nullptr dereference. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phy: micrel: always set shared-phydev for LAN8814 Currently, during the LAN8814 PTP probe, shared-phydev is only set if the PTP clock is actually set. Otherwise, the function returns before setting it. This is a problem...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: blk-throttle: Fixed an access race issue during the activation of the throttle policy. During repeated cold boots, we occasionally encountered a NULL pointer crash in blkshouldthrotl, when checking the throttle policy before t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi – avoid null pointer dereference in mpicmpui During NVMeTCP authentication, a controller can trigger a kernel oops by specifying the 8192-bit Diffie Hellman group and passing a correctly sized, but zeroed Diffie...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dm flakey: fixed an crash caused by an invalid table line. This command will cause a crash when using a NULL pointer dereference: dmsetup create flakey --table "0 blockdev --getsize /dev/ram0 flakey /dev/ram0 0 0 1 2 corruptbioby...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Check for read-only mounted filesystem in txBegin This patch adds a check for read-only mounted filesystem in txBegin before starting a transaction, potentially preventing NULL pointer dereferencing...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Directly freeing partially initialized fsinfo in btrfscheckleakedroots If fsinfo-supercopy or fsinfo-superforcommit was allocated and failed in btrfsgettreesubvol, then there is no need to call btrfsfreefsinfo. Otherwise,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-net: The issue of checking the received length in large packets has been fixed. Since commit 4959aebba8c0 “virtio-net: Use the MTU size as the buffer length for large packets”, when the guest gso is disabled, the allocated...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sofsdw: Prevent a jump to NULL for the addsidecar callback In the createsdwdailink function, it is checked that sofend-codecinfo-addsidecar is not NULL before calling it. The original code assumed that if...
Astra Linux – Vulnerability in PHP 8.1, PHP 7.3
In PHP versions 8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, and 8.4. before 8.4.10, some functions like fsockopen lack validation to ensure that the supplied hostname does not contain null characters. This may cause other functions like parseurl to handle the hostname differently,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null check has been added for the function pointer in dcn32setoutputtransferfunc. This commit adds a null check for the setoutputgamma function pointer in the dcn32setoutputtransferfunc function. Previously,...
Astra Linux – Vulnerability in ffmpeg
A flaw was discovered in FFmpeg’s HLS playlist parsing. This vulnerability allows for a denial of service through a maliciously crafted HLS playlist, which triggers a null pointer dereference during initialization...
Astra Linux – Vulnerability in libssh
A flaw was discovered in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange KEX process, a failure in cryptographic functions may lead to a NULL pointer being dereferenced. This issue can cause the client or server to crash...
Astra Linux – Vulnerability in dcmtk
A vulnerability was detected in DCMTK up to version 3.6.7. The affected element is the function DcmQueryRetrieveConfig::readPeerList in the file /dcmqrcnf.cc of the component dcmqrscp. This vulnerability results in a null pointer dereference. The attack can be carried out locally. The exploit is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls the struct usbdriver::disconnect, and then the struct...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211: mlme: Fixed the issue where a null pointer dereference occurred when association with an AP without a link 0 failed. If the association with an AP without a link 0 fails, we may crash during tracing. This occurs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/mediatek: Check the return value after calling platformgetresource platformgetresource may return a NULL pointer. We need to check its return value to avoid a null-ptr-deref in resourcesize...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: icmp6: Fixed the null-ptr-deref of ip6nullentry-rt6iidev in icmp6dev. With some IPv6 Ext Hdr RPL, SRv6, etc., we can send a packet that has the link-local address as src and dst IP, and it will be forwarded to an external IP in t...