Astra Linux - уязвимость в linux-5.10

In the Linux kernel before version 6.0.3, the file drivers/gpu/drm/virtio/virtgpuobject.c misinterprets the return value of drmgemshmemgetsgtable. It expects the value to be NULL in the error case, but in reality, it is an error pointer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/slub: The issue of the freelist pointer vs. redzone allocation has been fixed. It turns out that SLUB’s redzone allocation checks based on s-objectsize, rather than s-inuse which is usually adjusted to make room for the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Holding the reservation lock around madvise The issue involves acquiring and releasing the reservation lock related to the GEM object during operations like madvide. The tests use drmgemshmemmadviselocked, which...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed an object leak in the VMBIND error path. If we fail to perform a handle-lookup halfway through, we need to discard the already obtained object references. Patchwork: https://patchwork.freedesktop.org/patch/66978...

Astra Linux – Vulnerability in Firefox and Thunderbird

The texture upload of a Pixel Buffer Object could have caused WebGL code to skip binding the buffer used to unpack it, resulting in memory corruption and a potentially exploitable information leak or crash. This vulnerability affects Firefox ESR 78.9, Firefox 87, and Thunderbird 78.9...

Astra Linux - уязвимость в pyasn1

pyasn1 is a generic ASN.1 library for Python. Prior to version 0.6.2, a Denial-of-Service issue was identified that could lead to memory exhaustion due to malformed RELATIVE-OID values with excessive continuation octets. This vulnerability has been fixed in version 0.6.2...

Astra Linux - уязвимость в postgresql-11

A flaw was discovered in PostgreSQL versions prior to 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20, and before 9.5.24. An attacker who has permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The...

Astra Linux - уязвимость в gst-plugins-bad1.0

GStreamer MXF File Parsing: Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...

Astra Linux - уязвимость в ceph

A flaw was discovered in Ceph, related to URL processing on RGW backends. An attacker can exploit this issue by providing a null URL, causing the RGW to crash and resulting in a denial of service...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/ivpu: Fixed a page fault in ivpubounbindallbosfromcontext...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential double-free of the bit17 bitmask. A userspace environment where multiple threads compete to set the tiling to I915TILINGNONE could lead to a double-free of the bit17 bitmask. Or, conversely, memory...

Astra Linux - уязвимость в libjettison-java

Those who use Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks DOS. If the parser runs on user-supplied input, an attacker may provide content that causes the parser to crash due to out-of-memory conditions. This vulnerability could potentially allow for...

Astra Linux - уязвимость в node-json-schema

JSON-schema is vulnerable to improperly controlled modification of object prototype attributes known as “Prototype Pollution”...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr Subject: PATCH drm/panfrost: Fixed the error path in panfrostmmumapfaultaddr If some of the page allocations fail, we should not release the previous references to tho...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sastarget object is freed, but its sdev object...

Astra Linux - уязвимость в zabbix

The memory pointer is a property of the Ducktape object. This leads to multiple vulnerabilities related to direct memory access and manipulation...

Astra Linux - уязвимость в chromium

In ANGLE of Google Chrome, before version 96.0.4664.110, there was an issue with the object lifecycle mechanism that allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в libjettison-java

A stack overflow in Jettison prior to v1.5.2 allowed attackers to cause a Denial of Service DoS attack through crafted JSON data...

Astra Linux - уязвимость в chromium

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential overflow of the shmem scatterlist length. When a scatterlists table of a GEM shmem object with a size of 4 GB or more is populated with pages allocated from the folio format, the .length attribute of...