72402 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fixed the stack layout to match the archftraceregs argument of ftracereturntohandler. Naresh Kamboju reported a “Bad frame pointer” kernel warning while running the LTP trace ftracestresstest.sh in riscv. We can...
Astra Linux - уязвимость в u-boot
The U-Boot versions from 2016.09 to 2019.07-rc4 can memset too much data while reading a crafted ext4 filesystem. This results in a stack buffer overflow, potentially leading to code execution...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ARM: 9381/1: kasan: cleared stale stack poison We have identified the following OOB crash: 33.452494 ================================================================== 33.453513 BUG: KASAN: stack-out-of-bounds in...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: sched/taskstack: fixed the objectisonstack function for KASAN-tagged pointers When CONFIGKASANSWTAGS and CONFIGKASANSTACK are enabled, the objectisonstack function may produce incorrect results due to the presence of tags in the...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy-enablecompletion only when we wait for it. The pm8001phycontrol function populates the enablecompletion pointer with a stack address, sends a PHYLINKRESET/PHYHARDRESET, waits for 300 milliseconds, and then...
Astra Linux - уязвимость в yaml-cpp
The SingleDocParser::HandleNode function in yaml-cpp also known as LibYaml-C++ 0.5.3 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...
Astra Linux - уязвимость в icu
A stack buffer overflow was detected in the International components for Unicode ICU. While running the genrb binary, the ‘subtag’ structure exceeded its limit at the SRBRoot::addTag function. This issue may lead to memory corruption and the execution of arbitrary local code...
Astra Linux - уязвимость в firefox
The frame iterator could get stuck in a loop when encountering certain Wasm frames, leading to incorrect stack traces. This vulnerability affects Firefox 128 and Thunderbird 128...
Astra Linux - уязвимость в apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Digest nonce can cause a stack overflow in modauthdigest. There is no report of this overflow being exploitable, nor can the Apache HTTP Server team have created such a report. However, certain compilers and/or compilation options...
Astra Linux - уязвимость в connman
A stack-based buffer overflow in dnsproxy in ConnMan prior to version 1.39 could be exploited by network-adjacent attackers to execute malicious code...
Astra Linux - уязвимость в libde265
It was discovered that Libde265 v1.0.8 contains a stack-buffer-overflow vulnerability through the use of putqpelfallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: The comparison of MACs is now performed at constant time. To prevent timing attacks, MACs need to be compared at constant time. Use the appropriate helper functions for this purpose...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: spmi: In the tracing functions, there was an issue where access to memory was out of bounds. This issue was fixed by using a length of “len” instead of “len + 1”. The functions tracespmiwritebegin and tracespmireadend both use...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86/efistub: Calls boot services in mixed mode on the firmware’s stack Normally, the EFI stub calls into EFI boot services using the stack that was active when the stub was invoked. According to the UEFI specification, this stack...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Input: uinput – zero-initializing uinputff UploadCompat to prevent information leakage. The struct ffeffectcompat is embedded twice within uinputff UploadCompat and contains internal padding. In particular, there is a gap after...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, hsr: rejecting HSR frames if skb cannot hold the tag. Receiving an HSR frame with insufficient space to hold the HSR tag in the skb can result in a crash kernel bug. 45.390915 skbuff: skbunderpanic:...
Astra Linux - уязвимость в ntfs-3g
A properly crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain starting from ntfsattrpwrite, causing stack consumption in NTFS-3G 2021.8.22...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: dccp: copying the entire header to the stack buffer, not just the basic header Eric Dumazet states: nfconntrackdccppacket has a unique function: dh = skbheaderpointerskb, dataoff, sizeofdh, &dh; And nothing...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: wifi: brcmfmac: Fixed a potential stack-out-of-bounds situation in brcmfmac43236b. This patch addresses a read operation that may lead to a stack-out-of-bounds condition when the buffer buf that is not null-terminated is passe...
Astra Linux - уязвимость в linux, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: Networks: Fixed a stack overflow issue when LRO is disabled for virtual interfaces. When the features of a virtual interface are updated, the updated features are synchronized with its underlying interfaces. This synchronization...