72402 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: md/raid0, raid10: Do not set discard sectors for the request queue. It should use diskstacklimits to determine the appropriate maxdiscardsectors instead of setting the value using stack drivers. There is also a bug. If all...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: bpf, verifier: Fixed a memory leak in array reallocation for stack state. If an error NULL is returned by krealloc, callers of reallocarray set their allocation pointers to NULL. However, when an error occurs in krealloc, it...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/ionic: Fixed a kernel stack leak in ioniccreatecq. c struct ioniccqresp resp u32 cqid2; // Offset 0 – PARTIALLY SET see below u8 udmamask; // Offset 8 – SET resp.udmamask = vcq-udmamask u8 rsvd7; // Offset 9 – NEVER SET...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: qca: fixed an issue where information was leaked when fetching the fw build id. Added missing sanity checks and moved the 255-byte build-id buffer off the stack to prevent the leakage of stack data through debugfs, ...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: s390/entry: Marked IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace...
Astra Linux - уязвимость в linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rcu: Avoid stack overflow due to rcuirqenterchecktick being kprobed. Registering a kprobe for rcuirqenterchecktick can cause a kernel stack overflow. This issue can be reproduced by enabling CONFIGNOHZFULL and booting the kernel...
Astra Linux - уязвимость в busybox
There is a stack overflow vulnerability in ash.c:6030 in busybox before version 1.35. In the environment of the Internet of Vehicles, this vulnerability can lead to the execution of arbitrary code from commands...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a stack-out-of-bounds read in l2capecredconnreq. Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd, which is triggered by a malformed Enhanced Credit Based Connection Request. The...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an out-of-bounds write in triegetnextkey The triegetnextkey function allocates a node stack with a size of trie-maxprefixlen. However, it writes trie-maxprefixlen + 1 nodes to the stack when the stack is full. For...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: Fixed a potential stack-out-of-bounds write in ath9kwmirspcallback. This write occurs in a WMI response callback function that is called after a timeout occurs in ath9kwmicmd. The callback writes to wmi-cmdrspbuf, a...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: “riscv”: preventing corruption of pt regs for secondary idle threads. The top of the kernel thread stack should be reserved for pt regs. However, this is not the case for the idle threads of the secondary boot harts. Their stacks...
Astra Linux - уязвимость в xorg-server, xwayland
A buffer overflow vulnerability was discovered in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and will copy the data regardless of the siz...
Astra Linux - уязвимость в linux-5.10, linux
A use-after-free in the mac80211 stack, during the parsing of a multi-BSSID element in the Linux kernel versions 5.2 through 5.19.x before 5.19.16, could be exploited by attackers who have access to injecting WLAN frames. This exploitation could lead to kernel crashes and potentially allow them t...
Astra Linux - уязвимость в exim4
Exim 4 before 4.94.2 has an improper initialization issue that can lead to recursive stack consumption or other consequences. This occurs because the use of certain getc functions is handled incorrectly when a client uses BDAT instead of DATA...
Astra Linux - уязвимость в gnutls28
A flaw was discovered in the GnuTLS library, specifically in the gnutlspkcs11tokeninit function, which handles PKCS11 token initialization. When a token label longer than expected is processed, the function writes beyond the end of a fixed-size stack buffer. This programming error can cause...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of “acpiid” if the “str” argument is at its maximum length...
Astra Linux - уязвимость в grub2
A stack overflow flaw was discovered while reading a BFS file system. A specially crafted BFS file system may lead to an uncontrolled loop, causing grub2 to crash...
Astra Linux - уязвимость в libmysofa
LibMySOFA 0.9.1 has a stack-based buffer overflow issue in the readDataVar function in hdf/dataobject.c, during the reading of a header message attribute...
Astra Linux - уязвимость в firefox, thunderbird
Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox 125, Firefox ESR 115.12, and Thunderbird 115.12...
Astra Linux - уязвимость в ofono
A flaw was discovered in ofono, an open-source telephony software for Linux. A stack overflow bug occurs within the decodestatusreport function during SMS decoding. It is assumed that the attack scenario can be executed from a compromised modem, a malicious base station, or simply through SMS...