Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: gadgetfs: epio – wait until IRQ finishes. After usbepqueue, if waitforcompletioninterruptible is interrupted, we need to wait until IRQ is completed. Otherwise, complete from epiocomplete may corrupt the stack...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: In blkstacklimits, we check that the t-chunksectors value is a multiple of the t-physicalblocksize value. However, by determining the chunksectors value in bytes, we may cause an overflow in the unsigned int variable that stores...

Astra Linux - уязвимость в netcdf

A issue was discovered in ezXML 0.8.3 through 0.8.6. The function ezxmlentok improperly handles recursion, resulting in stack consumption for a crafted XML file...

Astra Linux - уязвимость в fig2dev

In the xfig diagramming tool, a stack-overflow issue occurs during the execution of fig2dev, leading to memory corruption due to local input manipulation through the readobjects function...

Astra Linux - уязвимость в connman

The client.c file in gdhcp within ConnMan, as of version 1.41, can be exploited by network-adjacent attackers who operate a crafted DHCP server. This exploitation can lead to a stack-based buffer overflow and a denial of service attack, resulting in the termination of the connman process...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fixed a crash that occurred when using the new isusertask helper. To obtain a user space stacktrace, the current task must be a user task that has executed in user space. It was previously possible to determine wheth...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: qcs615: fixed a crash issue caused by an infinite loop for Coresight. An infinite loop was created by the Coresight devices. When only a source device is enabled, the coresightfindactivatedsysfssink function is...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scs: A wrong parameter was fixed in scsmagic. The scsmagic function requires a void variable, but a struct taskstruct is provided instead. taskscstsk represents the starting address of the task’s shadow call stack, and...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: x86: stopped the use of stack-based calculations in the profilepc function. The profilepc function is used for timer-based profiling, which isn’t really that relevant anymore. It also makes assumptions about the stack layout that...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux

In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumacltcam: Fixed stack corruption When tc filters are first added to a network device, the corresponding local port is bound to an ACL group within the device. This group contains a list of ACLs. Each ACL points t...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsmountreply...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fixed the kernel stack leak in irdmacreateuserah. struct irdmacreateahresp // 8 bytes, no padding u32 ahid; // Offset 0 – SET uresp.ahid = ah-scah.ahinfo.ahidx u8 rsvd4; // Offset 4 – NEVER SET - LEAK ; The rsvd4 fiel...

Astra Linux - уязвимость в json-smart

Json-smart is a performance-oriented JSON processor library. When encountering a '' or '' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code has no limitations on the nesting of such arrays or objects. Since the parsing of nested array...

Astra Linux - уязвимость в libpodofo

In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp, which may lead to a stack overflow. Remote attackers could exploit this vulnerability to cause a denial-of-service attack, or potentially cause other unspecified impacts...

Astra Linux - уязвимость в dcmtk

A security vulnerability has been detected in DCMTK up to version 3.6.5. The affected element is the parseQuota function of the dcmqrscp component. Manipulating the StorageQuota argument leads to a stack-based buffer overflow. Access to local resources is required to exploit this vulnerability. T...

Astra Linux - уязвимость в connman

ConnMan also known as Connection Manager versions 1.30 to 1.39 have a stack-based buffer overflow issue in the uncompress function of dnsproxy.c, occurring due to the use of NAME, RDATA, or RDLENGTH fields for the A or AAAA records...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: The crash in timerlatdumpstack has been fixed. We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 bytes written to a buffer...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/guc: Fixed the use of stackdepot. Added the missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: Kernel NULL pointer dereferencing, address: 0000000000000000 Workqueue:...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm: Don’t spin in addstackrecord when gfp flags don’t allow. The syzbot tool was able to identify the following functions: addstackrecordtolist in mm/pageowner.c:182 inline incstackrecordcount in mm/pageowner.c:214 inline...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: fixed a crash in setmeshsync and setmeshcomplete. There is a bug: KASAN: a stack-out-of-bounds issue in setmeshsync, caused by memcpy from a poorly declared on-stack flexible array. Another crash occurs in...