243372 matches found
Astra Linux – Vulnerability in Nettle
A flaw was discovered in Nettle versions prior to 3.7.2. In these versions, several Nettle signature verification functions—GOST DSA, EDDSA, and ECDSA—result in the Elliptic Curve Cryptography point ECC’s multiply function being called with out-of-range scalers. This may lead to incorrect results...
Astra Linux – Vulnerability in Firefox and Thunderbird
If a Blob URL is loaded through some unusual user interaction, it may have been loaded by the system principal, granting additional privileges that should not be granted to web content. This vulnerability affects Firefox ESR 78.10, Thunderbird 78.10, and Firefox 88...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8, and iPadOS 15.7.8; tvOS 16.6, iOS 16.6, and iPadOS 16.6; macOS Ventura 13.5. It is possible for websites to potentially access sensitive user information...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A flaw in the use of free after the NILFS file system in the Linux kernel was discovered. This flaw causes the function security inodealloc to fail, leading to a call to the nilfsmdtdestroy function. A local user could exploit this flaw to crash the system or potentially escalate their privileges...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled The nested virtualization mode is forcibly exited if the user space toggles the SMM state using KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If the user space...
Astra Linux – Vulnerability in Linux 5.15
A flaw in memory writing within the Linux kernel’s UDF file system functionality was discovered. This flaw allows a user to trigger certain file operations, which in turn triggers udfwritefi. A local user could exploit this flaw to crash the system or potentially cause other malicious actions...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the pfkeyregister function in the net/key/afkey.c file within the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, resulting in a system crash or the leakage of internal kernel information...
Astra Linux – Vulnerability in Linux, Linux 5.10
A heap-based buffer overflow flaw was discovered in the way the legacyparseparam function in the Linux kernel’s Filesystem Context functionality verifies the length of the supplied parameters. A non-privileged user if non-privileged user namespaces are enabled, otherwise requiring CAPSYSADMIN...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in qemu. A host privilege escalation issue was identified in the virtio-fs shared file system daemon, where a privileged guest user is able to create a device-specific special file in the shared directory and use it to gain read/write access to host devices...
Astra Linux – Vulnerability in Linux
A NULL pointer dereference flaw was discovered in the Linux kernel’s GPU Nouveau driver functionality in versions prior to 5.12-rc1. This flaw allows a local user to crash the system. The flaw occurs when the user calls ioctl DRMIOCTLNOUVEAUCHANNELALLOC...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: Fixed a use-after-free in cifsfilldirent. There is a race condition in the readdir concurrency process, which may access the rsp buffer after it has been released, triggering the following KASAN warning...
Astra Linux – Vulnerability in Chromium
The use of the after-free operation in the File System API in Google Chrome before version 92.0.4515.131 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Firefox
GNOME was leaking browser tab titles into system logs. This could potentially expose users’ browsing habits when they are using private tabs. This vulnerability affects Firefox versions earlier than 121...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nfs: fixed the acl memory leak in posixaclcreate When reviewing another nfs xfstests report, I found that errors related to acl and defaultACL in nfs3proccreate and nfs3procmknod might be leaked. These issues need to be...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Do not free the qgroup space unless specified. Boris noticed during his simple quota testing that there was a leak caused by Sweet Tea’s change to the subvol create function, which would stop a transaction commit. This...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue was fixed by dropping all dirty pages during umount if cperror is set. The xfstest generic/361 report indicates a bug as follows: f2fsbugonsbi, sbi-fsyncnodenum; Kernel bug located at fs/f2fs/super.c:1627! RIP:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the BUGON condition in btrfscancelbalance. Pausing and canceling balance can race to interrupt balance, leading to a BUGON panic in btrfscancelbalance. The BUGON condition in btrfs CancelBalance does not take this ra...
Astra Linux – Vulnerability in WebKit2GTK
The issue was resolved through improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2, and iPadOS 17.2, as well as macOS Sonoma 14.2. Processing web content may result in a denial-of-service...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Use spinlock to avoid hangs. 14696.634553 Task: cat State: D Stack: 0 PID:1613738 PPID:1613735 Flags:0x00000004 14696.638285 Call Trace: 14696.639038 14696.640032 schedule+0x302/0x930 14696.640969 schedule+0x58/0xd0...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Fix for misused goto labels. A misused goto label jump can lead to a memory leak. This issue has been addressed...