Astra Linux – Vulnerability in Pandoc

Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisock: Prevent race conditions in socket write iteration and sock bind. There is a potential race condition between sock bind and socket write iteration. bind may free the same memory block via mgmtpending before the...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: systemport: Added global locking for the descriptor lifecycle. The descriptor list is a shared resource across all transmit queues. The locking mechanism currently used only protects concurrency within a given transmit queue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: The issue where inline data checks might be performed during dio write operations has been fixed. According to syzbot, the following warning from ext4iomapbegin is triggered as of the referenced commit: c if...

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

Astra Linux – Vulnerability in Linux

In various methods of kernel-based drivers, there is a possibility of an out-of-bounds write due to a heap buffer overflow. This could lead to a local escalation of privileges, requiring system execution privileges. User interaction is not required for exploitation. Product: Android Versions:...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a write-what-where condition vulnerability that occurs during the application’s memory allocation process. This may cause the memory management functions to become mismatched, resulting in local application denial of service in the...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: LoongArch: The ioaw hook was defined as mmiowb. The commit fb24ea52f78e0d595852e states that “drivers: Explicit invocations of mmiowb were removed.” All occurrences of mmiowb in drivers were removed. However, it is noted that:...

Astra Linux – Vulnerability in Chromium

Before version 92.0.4515.131, writing out-of-bounds data using Tab groups in Google Chrome allowed an attacker who convinced a user to install a malicious extension to perform an out-of-bounds memory write via a crafted HTML page...

Astra Linux – Vulnerability in net-snmp

The handleipDefaultTTL in agent/mibgroup/ip-mib/ipscalars.c in Net-SNMP versions 5.8 through 5.9.3 has a NULL Pointer Exception bug. This bug can be exploited by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in a Denial of Service attack...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300 – ensure that the data length is within the supported range. A explicit check for the transfer length should be added to ‘rtl9300i2cconfigxfer’ to ensure that the data length is not within the supported range. In...

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.12, when running PHP FPM SAPI with the main FPM daemon process running as the root user and child worker processes running as lower-privileged users, it is possible for the child processes to access memory...

Astra Linux – Vulnerability in Linux, Linux 5.10

A use-after-free flaw was discovered in the Linux kernel’s FUSE filesystem, where a user triggers the write function. This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel up to 5.15.2, hwatlutilsfwrpcwait in drivers/net/ethernet/aquantia/atlantic/hwatl/hwatlutils.c allows an attacker who can introduce a crafted device to trigger an out-of-bounds write by using a crafted length value...

Astra Linux – Vulnerability in Cpio

In GNU Cpio from version 2.13 onwards, attackers can execute arbitrary code by using a crafted pattern file. This occurs due to a dstring.c dsfgetstr integer overflow, which triggers an out-of-bounds heap write. NOTE: It is unclear whether there are common cases where the pattern file, associated...

Astra Linux – Vulnerability in lz4

There is a flaw in lz4. An attacker who submits a crafted file to an application that uses lz4 may be able to trigger an integer overflow, resulting in the call to memmove with a negative size argument. This can lead to an out-of-bounds write and/or a system crash. The most significant impact of...

Astra Linux – Vulnerability in Linux

The fs/seqfile.c file in the Linux kernel versions 3.16 through 5.13.x, prior to 5.13.4, does not properly restrict seq buffer allocations. This results in an integer overflow, an Out-of-bounds Write, and an escalation of privileges to the root user by an unprivileged user, identified as...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal conditions of the asyncwrite flag and cause a BUGON...

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

A issue was discovered in lib/kobject.c in the Linux kernel before version 6.2.3. With root access, an attacker can trigger a race condition that results in an out-of-bounds write of the fillkobjpath variable...