Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm flakey: Do not corrupt the zero page. When we need to zero a certain range on a block device, the function blkdevissuezeropages submits a write request with the bio vector pointing to the zero page. If we use the dm-flakey...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: Avoid exposing kernel data to user space through struct iwpoint struct iwpoint contains a 32-bit field on 64-bit architectures. c struct iwpoint void user pointer; / Pointer to the data in user space / u16 length; / Number ...

Astra Linux – Vulnerability in hdf5

A SIGFPE signal is raised in the function H5Dselectio of H5Dselect.c in the HDF HDF5 through 1.10.3 library during an attempt to parse a crafted HDF file. This occurs due to incorrect protection against division by zero. This could allow a remote denial-of-service attack to occur...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Versions of FreeRDP affected by this issue lack input length validation in the “drive” channel. A malicious server can trick a FreeRDP-based client into reading out-of-bound data and sending it back to the server. This issue has been...

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free remote desktop protocol library and client. Affected versions of FreeRDP lack input validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into crashing due to a division by zero. This issue has been addressed in version 2.9.0. All users are advise...

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A division-by-zero error on some AMD processors may potentially return speculative data, resulting in a loss of confidentiality...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: zonefs: fixed zonefsiomapbegin for reads. If a readahead operation is issued on a sequential zone file with an offset that exactly equals the current file size, the iomap type is set to IOMAPUNWRITTEN, which will prevent any I/O...

Astra Linux – Vulnerability in libvncserver

A divide by zero issue was detected in libvncserver-0.9.12. A malicious client could exploit this flaw to send a specially crafted message. When this message is processed by the VNC server, it will cause a floating-point exception, resulting in a denial of service...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: The issue of using NULL for folio handling in movepageshugepmd has been fixed. movepageshugepmd handles UFFDIOMOVE operations for both normal THPs and huge zero pages. For the huge zero page, srcfolio is explicitly...

Astra Linux - уязвимость в libssh

The API function sshgethexa is vulnerable when a 0-length input is provided to this function. This function is internally used in sshgetfingerprinthash and sshprinthexa deprecated, and it is also vulnerable to such inputs the length of the input is provided by the calling application. This functi...

Astra Linux - уязвимость в linux

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service host OS hang via a high rate of events to dom0, aka CID-e99502f76271...

Astra Linux – Vulnerability in Firefox

An attacker could have written a value to the first element of a zero-length JavaScript array. Although the array was zero-length, the value was not written to an invalid memory address. This vulnerability affects Firefox versions earlier than 104...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Fixed a division by zero issue when replacing a resilient group. The resilient nexthop group-related torture tests in fibnexthop.sh exposed a possible division by zero issue when replacing a resilient group 1. This...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fsdax: The infinite loop in daxiomaprw has been fixed. I encountered an infinite loop and a warning message when executing the tail command in virtiofs. Warning: CPU: 10; PID: 964; Location: fs/iomap/iter.c:34,...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: The instruction “ldbrx” is limited to processors that comply with ISA v2.06. Johan reported the following crash with the testbpf function on the ppc64 e5500 architecture: testbpf: 296 ALUENDFROMLE 64:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: Commands with 0 chunks result in illegal behavior. Submitting a CS with 0 chunks causes an oops; this issue was discovered while attempting to execute the wrong user space driver. MESALOADERDRIVEROVERRIDE=v3d glxin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xsk: The recycle buffer was handled in cases where the Rx queue was full. A missing call to xskbufffree was added when xskrcvzc failed to produce a descriptor for the XSK Rx queue...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Initialization of ddpcomp using devmkcalloc In the case where connroutes is true, an additional slot is allocated in the ddpcomp array. However, the mtkdrmcrtccreate function never seems to initialize this slot duri...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: - In blkdeviomapbegin, the EOF check has been refined. - In blkdeviomapbegin, the offset is rounded down to the logical block size before being stored in iomap-offset. It is also checked that the size remains within the inode...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: spi: hisi-kunpeng: Added verification for the maxfrequency value provided by the firmware. If the value of maxspeedhz is 0, it may cause a division by zero error in hisicalceffectivespeed. The value of maxspeedhz is provided by t...