Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: exfat: fixed the missing shutdown check. The xfstests generic/730 test failed because, after deleting a device that still contained dirty data, the file could still be read without returning an error. The reason is the missing...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: The ioaw hook was defined as mmiowb. The commit fb24ea52f78e0d595852e states that “drivers: Explicit invocations of mmiowb were removed.” All occurrences of mmiowb in drivers were removed. However, it is noted that:...

Astra Linux - уязвимость в glib2.0

A flaw was discovered in the GLib Base64 encoding routine when processing very large input data. Due to incorrect use of integer types during length calculations, the library may incorrectly calculate buffer boundaries. This can lead to memory writes outside of the allocated buffer. Applications...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fixed the crash that occurred when using WRITESAME without a data buffer. In the newer versions of the SBC specifications, there’s a NDOB bit that indicates that there is no data buffer being written. If this bit is...

Astra Linux - уязвимость в bcel

Apache Commons BCEL includes several APIs that typically only allow modifying specific class characteristics. However, due to an out-of-bounds writing issue, these APIs can be used to generate arbitrary bytecode. This could lead to abuse in applications that send attacker-controllable data to tho...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fixed a potential out-of-bounds issue related to read/write operations via clause 45 of the mdiobus API. When using publicly available tools like ‘mdio-tools’ to read/write data from/to network interfaces via the C45...

Astra Linux - уязвимость в linux-5.15

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the issue of not checking the atomicwrite status in f2fs ioctl interfaces. Some f2fs ioctl interfaces, such as f2fsiocsetpinfile, f2fsmovefilerange, and f2fsdefragmentrange, failed to check the atomicwrite status, whi...

Astra Linux - уязвимость в libebml

In libebml before version 1.4.5, an integer overflow can occur in MemIOCallback.cpp when reading or writing data. This may lead to buffer overflows...

Astra Linux - уязвимость в ceph

A flaw was discovered in OpenStack Manilla that manages Ceph File systems’ shares. This flaw allows the owner to read/write any share or entire file system. The vulnerability stems from a bug in the “volumes” plugin of the Ceph Manager. This allows attackers to compromise the confidentiality and...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel up to 5.15.2, hwatlutilsfwrpcwait in drivers/net/ethernet/aquantia/atlantic/hwatl/hwatlutils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write by using a crafted length value...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/shmem-helper: Fixed the BUGON in mmapPROTWRITE, MAPPRIVATE. A lack of check for copy-on-write COW mapping in drmgemshmemmmap allows users to call mmap with PROTWRITE and MAPPRIVATE flags, causing a kernel panic due to BUGON i...

Astra Linux - уязвимость в linux

In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack frame...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed the overloading of the meaning of MEMUNINIT Lonial reported an issue in the BPF verifier, where checkmemsizereg contains the following code: c if !tnumisconstreg-varoff / For unprivileged variable accesses, disable raw...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sysctl: Data race issues in procdouintvecminmax have been fixed. A sysctl variable is accessed concurrently, and there is always a risk of data races. Therefore, both readers and writers need some basic protection to avoid data...

Astra Linux - уязвимость в sox

In SoX 14.4.2, there is a floating-point exception in lsxaiffstartwrite in the aiff.c file of libsox.a...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: At the ata subsystem, in the libata-sff module, there is a issue where it is possible for atapiosector to write outside the allocated buffer, thereby overwriting random memory. Reveliofuzzing reported that an SCSIIOCTLSENDCOMMAND...

Astra Linux - уязвимость в sox

A floating-point exception vulnerability was discovered in sox, within the lsxaiffstartwrite function at sox/src/aiff.c:622:58. This flaw can lead to a denial of service...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Write-protecting of L2 SPTEs in TDP MMU when clearing dirty status Check kvmmmupageadneedwriteprotect when deciding whether to write-protect or clear D-bits on TDP MMU SPTEs. This ensures that the TDP MMU takes into...

Astra Linux - уязвимость в paramiko

In Paramiko before 2.10.1, a race condition between creation and chmod in the writeprivatekeyfile function could allow unauthorized information disclosure...