33619 matches found
Astra Linux - уязвимость в linux-6.1, linux, linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nftables: Fixed a potential data race in nftobjtypeget. The function nftunregisterobj can occur concurrently with nftobjtypeget. There is no protection when iterating over the nftablesobjects list in nftobjtypeget...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevents concurrent access to the IPSec ASO context. The querying or updating of IPSec offload objects occurs through the Access ASO WQE. The driver uses a single mlx5eipsecaso structure for each PF, which contains a...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fixed the incorrect order of resource deallocation. When attempting to destroy a QP or CQ, we first reduce the reference count and potentially free the memory regions allocated for the object. Then, we request the devic...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/shmem-helper: The erroneous “put” operation has been removed from the error path. The drmgemshmemmmap function does not have a reference in the error code path, resulting in the dma-buf shmem GEM object being freed...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/panthor: Fixed UAF issues on kernel BO VA nodes. If the MMU is down, panthorvmunmaprange might return an error. We expect the page table to still be updated. If the MMU is blocked, the rest of the GPU should also be blocke...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-mmio: Do not break the lifecycle of vmdev. vmdev has a separate lifecycle because it has a struct device embedded within it. Therefore, having a release callback for it is correct. However, allocating the vmdev structure...
Astra Linux - уязвимость в chromium
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в firefox
It was possible to mutate a JavaScript object in such a way that the JIT compiler could crash while tracing it. This vulnerability affects Firefox versions less than 125...
Astra Linux - уязвимость в linux-5.10, linux
It was discovered that an NFT object or expression could reference a NFT set located in a different NFT table, resulting in a use-after-free once that table was deleted...
Astra Linux - уязвимость в python-pymysql
PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input, because keys are not escaped by escapedict...
Astra Linux - уязвимость в git
Git is a revision control system. By using a specially crafted repository, Git versions prior to 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 could be tricked into using its local clone optimization, even when using a non-local transport. Although Git will...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race conditions in allocslabobjexts. If two competing threads enter allocslabobjexts, and one of them fails to allocate the object extension vector, it may override the valid slab-objexts allocated by the other thread...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refusal to enable an unbound pipe The ioctl function implicitly assumed that the socket was already bound to a valid local socket name, i.e., a Phonet object. If the socket was not bound, two problems would occur: 1 W...
Astra Linux - уязвимость в firefox, thunderbird
During process shutdown, a document could cause a use-after-free of a languages service object, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.2, and Firefox ESR 91.2...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpuuserqwaitioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as it caused issues due to the output array being too small. This issue was...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a memory leak in intelfbboframebufferinit. Added a unref statement for the bo variable in the error handling path, to prevent the bo reference from being leaked. Return 0 on success to clarify the success path...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: watchqueue: Actually free the watch object. The freewatch function does everything except for actually freeing the watch object. This issue is fixed by adding the missing kfree call. kmemleak generates a report similar to the...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: A memory leak has been fixed in the ipcpciereadbioscfg function. The ipcpciereadbioscfg function uses acpievaluatedsm to obtain the wwan power state configuration from the BIOS. However, it does not free the...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fixed corruption of the shrinker list caused by the madvise IOCTL. Calling the madvise IOCTL twice on BO causes corruption of the memory shrinker list, leading to a kernel crash. This occurs because BO is already on...
Astra Linux - уязвимость в firefox
A memory-out-of-memory condition during object initialization could lead to an empty shape list. If the JIT compiler traces the object subsequently, it will cause a crash. This vulnerability affects Firefox versions less than 125...