466 matches found
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: media: venus: vdec: A possible memory leak issue has been fixed. The implementation of venushelperallocdpbbufs allows for an early return on an error path when checking the ID from idaallocmin. This would prevent the earlier buff...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed the issue where a use-after-free occurred in vdecclose. There seems to be a potential use-after-free when calling vdecclose. The firmware will add the buffer release operation to the work queue through HFI...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfiparser: add check to avoid out of bound access There is a possibility that initcodecs is invoked multiple times during manipulated payload from video firmware. In such case, if codecscount can get incremented to...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, emptyspace will be...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: protect against spurious interrupts during probe Make sure the interrupt handler is initialized before the interrupt is registered. If the IRQ is registered before hficreate, it's possible that an interrupt fires...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed an issue where OOB reading occurred due to a missing payload-bound check. Currently, the eventseqchanged handler processes a variable number of properties sent by the firmware. The number of properties is...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfiparser: refactor hfi packet parsing logic wordscount denotes the number of words in total payload, while data points to payload of various property within it. When wordscount reaches last word, data can access...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: venus: Added a check for the packet size after reading from shared memory. A check was added to ensure that the packet size does not exceed the number of available words after reading the packet header from shared memory...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fixed a bug related to the use of core-work after it is freed, due to a race condition in the venusremove function. In venusprobe, core-work is bound to venussyserrorhandler, which is used to handle errors. The code...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venusprobe fails at pmruntimeputsync the error handling first calls hfidestroy and afterwards hficoredeinit. As hfidestroy sets core-ops to NULL, hficoredeinit cannot call th...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Venus: pmhelpers: Fixed a warning in the OPP phase during the probe. Fixed the following WARN messages that were triggered during the Venus driver probe in version 5.19.0-rc8-next-20220728: WARNING: CPU: 7 PID: 339 at...
ROS-20260403-73-0021
A vulnerability in the venus component of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability allows an attacker to cause a denial of service...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005099)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005099 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdecclose There appears to be a possible use after free with...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005127)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005127 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venusremove due to race condition in venusprobe, core-wo...
ROS-20260126-73-0018
A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260126-73-0017
A vulnerability in the venus component of the Linux operating system kernel is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23159)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23159 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle...
Azure Linux 3.0 Security Update: kernel (CVE-2025-23158)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-23158 advisory. - In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle...
EUVD-2025-179919
Malicious code in cache-less-venus-supercluster npm...
EUVD-2025-178657
Malicious code in greatfilter-venus-stream-halley npm...