Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: A potential dereference issue with RCU resources has been fixed in the wilcparsejoinbssparam function. In the wilcparsejoinbssparam function, the TSF field of the ies structure is accessed after the RCU read-side...

Astra Linux - уязвимость в libsoup2.4

A flaw was discovered in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

Astra Linux - уязвимость в netcdf

A issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxmlparsestr performs incorrect memory handling during the parsing of crafted XML files out-of-bounds read after a certain strcspn failure...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: A memory leak has been fixed in hi846parsedt. If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources do not get released before returning, resulting in a memory leak...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fixed the memory leak in pathlist. Clang static analysis reports this error. sandboxer.c:134:8: Warning: Potential memory leak pointed to by ‘pathlist’. ret = 0; ^ pathlist is allocated in parsepath, but never...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: ath10k: Error handling in ath10ksetupmsaresources has been fixed. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after that operation. This function only call...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A out-of-bounds error in parsesecdesc has been fixed. If osidoffset, gsidoffset, and dacloffset can be greater than smbntsdstruct.size. If they are smaller, it may lead to an out-of-bounds situation. Additionally, when...

Astra Linux - уязвимость в ffmpeg5, ffmpeg

FFmpeg n6.1.1 has an integer overflow vulnerability. The vulnerability resides in the parseoptions function in the sbgdec.c file, within the libavformat module. When parsing certain options, the software does not properly validate the input. This allows negative duration values to be accepted...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: Fixed the error code msmParseDeeps. The SUBMITERROR macro converts the error code to a negative value. This additional '-' operation reverts it back to a positive EINVAL. The error code is passed to ERRPTR; since...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify the content returned by parseintarray. The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 will result in a null-ptr-deref error...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fixed potential OOBs in smb2ParseContexts Validated offsets and lengths before dereferencing and creating contexts in smb2ParseContexts. This fixes the following OOPs when accessing invalid create contexts from th...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: HID: usbhid: Eliminated a recurring out-of-bounds error in usbhidparse. Updated the struct hiddescriptor to better reflect the mandatory and optional parts of the HID descriptor according to the USB HID 1.11 specification. Not...

Astra Linux - уязвимость в protobuf-c, libsignal-protocol-c

Protobuf-c before version 1.4.1 has an unsigned integer overflow in the parserequiredmember field...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Added a check for a failure in kcalloc in parsethreadgroups. Since kcalloc may fail, it is necessary to check its return value to prevent a NULL pointer derefrence when passing it to ofpropertyreadu32array...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021619 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracingcpumaskwrite If a large count is provided, it will trigger ...

PT-2026-42227

TeleJSON prior to 6.0.0 contains a DOM-based cross-site scripting vulnerability in the parse function that allows attackers to execute arbitrary JavaScript by delivering a crafted JSON payload containing a malicious constructor-name property value. The custom reviver passes the constructor name...

jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers

A flaw was found in jq, a command line JSON processor, specifically in the libjq API. Parsing a malformed JSON input from a non-NUL-terminated buffer using the jvparsesized function can cause an out-of-bounds read, resulting in an application crash and a possible memory disclosure within the erro...

GHSA-73JC-5MRQ-PRW7 SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser

Impact In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to trigger a Denial of Service through resource exhaustion. Patches Versions 4.2.0 and up contain a configurable parse node...