161066 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: init run lock for extend inode After setting the inode mode of $Extend to a regular file, executing the truncate system call will invoke the dotruncate routine, resulting in an uninitialized runlock error reported by syzbo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/mlx5: HWS, fixed the issue where complex rule rehash operations failed. Moving rules from one matcher to another should not fail. However, if it does fail due to various reasons, the error handling mechanism should allow t...
Astra Linux – Vulnerability in binutils
A vulnerability was identified in GNU Binutils 2.45. The affected component is the elfx8664relocatesection function in the file elf64-x86-64.c of the Linker component. This vulnerability causes a heap-based buffer overflow. The attack can only be executed locally. The exploit has been publicly...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-pf: mcs: Fixed NULL pointer dereferencing issues When the system is restarted after creating a MacSec interface, NULL pointer dereferencing errors occurred. This patch fixes these errors by using the correct order of...
Astra Linux – Vulnerability in binutils
A vulnerability classified as problematic was discovered in GNU Binutils 2.45. The function copysection in the file binutils/objcopy.c is affected by this vulnerability. Manipulation of this function leads to a heap-based buffer overflow. Local attacks are required to exploit this vulnerability...
Astra Linux – Vulnerability in net-snmp
Net-SNMP provides various tools related to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials could use a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable to cause a NULL pointer dereference. Version 5.9.2 includes a patch to address...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 netfilter: nftables: Reject tables of unsupported family. While creating a new netfilter table, the lack of a safeguard against invalid nftables family pf values within the nftablesnewtable function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fixed a possible memory leak in thunderbaybuildfunctions Thunderbayaddfunctions will free memory associated with thunderbayfuncs when everything is correct. However, thunderbayfuncs will not be freed when...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “Bluetooth: btsdio: fix use after free bug in btsdioRemove due to unfinished work” This issue has been resolved through commit 1e9ac114c4428fdb7ff4635b45d4f46017e8916f. This patch introduces a possible null-ptr-def problem...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
Dm-verity is used to extend the root-of-trust to root file systems. LoadPin builds upon this feature to restrict module/firmware loads to only the trusted root file system. Currently, device-mapper table reloads allow users with root privileges to replace the target with an equivalent dm-linear...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Revert “f2fs: block cache/dio write during f2fsenablecheckpoint”. This revert commits 196c81fdd438f7ac429d5639090a9816abb9760a. The original patch might cause a deadlock; revert it. write remount - writebegin - lockpage --- lock ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Makes bpfrefcountacquire failable for non-owning references This patch fixes an incorrect assumption made in the original bpfrefcount series 0. Specifically, it assumes that the BPF program calling bpfrefcountacquire on a...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fixed the reference count leak in pinctrldttomap. If we fail to allocate the propname buffer, we need to remove the reference count that we just acquired. Since pinctrldtfreemaps includes this removal...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed a potential memory leak in rtwinitdrvsw. In rtwinitdrvsw, various initialization functions are called to populate the padapter structure, and certain checks are performed on their return values. However...
Astra Linux – Vulnerability in gpac
A vulnerability, classified as problematic, was discovered in GPAC 2.3-DEV-rev35-gbbca86917-master. This vulnerability affects the gfm2tsprocesssdt function in the mediatools/mpegts.c file. The vulnerability results in a heap-based buffer overflow. Local exploitation is required. The exploit has...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel. It has been classified as problematic. The affected function is nilfsnew inode in the file fs/nilfs2/inode.c of the BPF component. This vulnerability allows for manipulation after the memory allocation function free is called. The attack ca...
Astra Linux – Vulnerability in Linux 5.10
A double-free bug in the packetsetring function in net/packet/afpacket.c can be exploited by a local user through crafted syscalls to escalate privileges or deny services. We recommend upgrading the kernel to a version that is not affected by this bug, or rebuilding the code after the...
Astra Linux – Vulnerability in xterm
With Patch 370, xterm enables Sixel support. When this is enabled, attackers can exploit a buffer overflow in the setsixel function in graphicssixel.c by using crafted text...
Astra Linux – Vulnerability in gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: atl1c: Workaround for the DMA RX overflow issue. This work is based on the alx driver commit 881d0327db37 “net: alx: Workaround for the DMA RX overflow issue”. The alx and atl1c drivers both had RX overflow errors; therefore, ...