Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: f2fs: fixed by removing the unnecessary f2fsbugon function to avoid panics. The verifyblkaddr function will trigger a panic once we introduce a fault into f2fsisvalidblkaddr; this unnecessary f2fsbugon function has been remove...

Astra Linux – Vulnerability in ntfs-3g

A buffer overflow was discovered in NTFS-3G before October 3, 2022. Metadata created within an NTFS image can lead to code execution. A local attacker can exploit this vulnerability if the ntfs-3g binary has the setuid root privilege. An attacker who is physically nearby can also exploit this...

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds read in ntfsrunlistsmergei in NTFS-3G 2021.8.22...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: jfs: added a check to prevent array-index-out-of-bounds in dbAdjTree. When the value of lp is 0 at the beginning of the for loop, it will become negative during the next assignment, and we should take appropriate measures to avoi...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: UDF: Detection of system inodes linked into the directory hierarchy When the UDF filesystem is corrupted, hidden system inodes may be linked into the directory hierarchy. This can lead to further serious corruption of the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs: init flagsvalid before calling vfsfileattrget syzbot reported a uninit-value bug in 1. Similar to the “get” context, where the kernel’s filekattr structure is initialized before calling vfsfileattrget, we should use the same...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Fix for crashes when mounting with quota enabled There is a reported crash when mounting ocfs2 with quota enabled. Traceback: RIP: 0010:ocfs2qinfolockresinit+0x44/0x50 ocfs2 Call trace: ocfs2localreadinfo+0xb9/0x6f0 ocfs2...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fixed the issue of null pointer dereferencing in ESI. ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is an optional feature, and UFS MCQ should...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations It seems that nothing limits the number of concurrent async COPY operations that clients can initiate. Additionally, AFAICT allows each async COPY to copy an unlimited...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fixed the missing check for the error return from zpcicreatedevice. The zpcicreatedevice function returns an error pointer that must be checked before dereferencing it as a struct zpcidev pointer. This check was added t...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a lockup issue caused by a race condition between inode eviction and inode caching. There is a race condition between inode eviction and inode caching that can cause a live struct btrfsinode to be missing from the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: PCI: Endpoint – Fix for misused goto labels. A misused goto label jump can lead to a memory leak. This issue has been addressed...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an array-index-out-of-bounds issue in diAlloc. Currently, there is no check for the agnno of the iag when allocating new inodes to avoid fragmentation problems. The check has been added, which is necessary...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: f2fs: The issue of dereferencing a stale list iterator after the loop body has been executed has been fixed. The list iterator variable will become a bogus pointer if no break is executed. Dereferencing it in this case, cur-page...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check the ‘folio’ pointer to ensure it is not NULL. It can become NULL if the bbmap function is called...

Astra Linux – Vulnerability in WebKit2GTK

There was an issue with URL handling that caused spoofing. This issue has been addressed through improved input validation. This issue is fixed in iOS 16.4 and iPadOS 16.4. Visiting a malicious website may result in address bar spoofing...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: hwmon: When the current fan speed state is enforced from sysfs, a non-zero return value is generated. The minimum fan speed can be enforced from sysfs. For example, setting the current fan speed to 20 forces the fan speed to 100%...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: jfs: Fixed an out-of-bounds issue in dbNextAG and diAlloc. In dbNextAG, there was no check for the case where bmp-dbnumag is greater than or equal to MAXAG due to a corrupted image, which could lead to an out-of-bounds...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: A use-after-free issue has been fixed in the asynchronous open function. Yang Erkun reported that when two threads open files at the same time and are forced to abort before a response is received, the call to...