21919 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Avoid crashes due to unnecessary IDA frees. In the “remove path”, there is an attempt to free the auxidx IDA, regardless of whether it was allocated or not. This could potentially cause a crash when unloading the driver on...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: geneve: Fixed header validation in geneve6xmitskb. syzbot is able to trigger an uninit-value in genevexmit. Problem: While most IP tunnel helpers such as iptunnelgetdsfield use skbprotocolskb, true, pskbinetmaypull only uses...
Astra Linux – Vulnerability in Twisted
In words.protocols.jabber.xmlstream in Twisted through version 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to intercept connections...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: afunix: fixed the issue of struct pid leaks in OOB support. The issue arises from queueoob calling maybeaddcreds, which potentially holds a reference to a pid. However, the destructor of skb is not set either directly or by...
Astra Linux – Vulnerability in Firefox and Thunderbird
Using XMLHttpRequest, an attacker could identify installed applications by probing error messages related to loading external protocols. This vulnerability affects Thunderbird version 91.4.0, Firefox ESR version 91.4.0, and Firefox version 95...
Astra Linux – Vulnerability in gnupg2
In GnuPG before version 2.4.9, the armorfilter function in g10/armor.c had two increments of an index variable, where only one was intended. This led to a out-of-bounds write vulnerability with crafted inputs. This issue has been fixed in ExtendedLTS versions, 2.2.51 and later...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skips inactive planes within ModeSupportAndSystemConfiguration. Why Coverity reports a Memory - illegal access issue. How Skips inactive planes...
Astra Linux – Vulnerability in Thunderbird, Firefox
When importing an SPKI RSA public key as an ECDSA P-256 key, the key is handled incorrectly, causing the tab to crash. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143, and Thunderbird 143. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code...
Astra Linux – Vulnerability in Firefox, Thunderbird
Keyboard events reference strings like “KeyA” that are located at fixed, known, and widely-distributed addresses. Cache-based timing attacks, such as Prime+Probe, could potentially determine which keys were pressed. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...
Astra Linux – Vulnerability in edk2
The BootPerformanceTable pointer is retrieved from an NVRAM variable within PEI. It is recommended that the PcdFirmwarePerformanceDataTableS3Support be set to FALSE...
Astra Linux – Vulnerability in Firefox, Thunderbird
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block devices with logical block size page size will be rejected when THP is disabled. If THP is disabled and there are block devices with logical block size page size, the following nullptrderef panic occurs during boot: 13.2 mK...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: fix -ENOENT when deleting VLANs and MST is unsupported Russell King reported that on version ZII dev rev B, deleting a bridge VLAN from a user port fails with -ENOENT:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the remap of the arena. The BPF arena logic did not account for the mremap operation. Added a reference count for multiple mmap events to prevent use-after-free in arenavmclose...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers reported memory safety bugs in Firefox 91 and Firefox ESR 78.13. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox ESR...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ICE: Fixed NULL pointer dereferencing in iceunplugauxdev when resetting. Issuing a reset command while the driver is loaded without RDMA support will result in a crash, as the function attempts to remove a nonexistent auxbus...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed potential null pointer dereference issues. The amdgpurasgetcontext function may return NULL if the device does not support the RAS feature; therefore, a check must be performed before using this function...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: The calltrace warning in amddrmbuddyfini has been fixed. The following call trace was observed when the amdgpu driver was removed. This issue arises because the BOs allocated for psp are not freed until the driver is...
Astra Linux – Vulnerability in exempi
A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...