18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: clk: hisilicon: hi3559a: A mistake in the devmkfree function has been fixed. 'pclk' is an array allocated just before the for loop for all clk elements that need to be registered. It is incremented at each loop iteration. If a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: nexthop: Fixed issues related to data races around nexthopcompatmode. When reading nexthopcompatmode, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Failure in bpftimercancel when the callback is being cancelled Given a schedule: timer1 cb timer2 cb bpftimercanceltimer2; bpftimercanceltimer1; Both bpftimercancel calls will wait for the other callback to complete executio...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init are a bad combination because the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with init. Access to a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fixed a panic that occurs when the ipoib sendqueuesize is increased beyond the default value. When the ipoib sendqueuesize is increased, the following panic occurs: RIP: 0010:hfi1ipoibdraintxring+0x45/0xf0 hfi1 Code: 31 ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: crypto: qcom-rng – ensure the buffer for generate is completely filled The generate function in struct rngalg expects that the destination buffer is completely filled if the function returns 0. The qcomrngread function may...
Astra Linux – Vulnerability in unbound
Before version 1.9.5, Unbound allowed for an integer overflow in the size calculation in respip/respip.c. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an active Unbound installation cannot be exploited remotely or locally...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: SCTP: Use callrcu to free endpoints This patch delays the endpoint freeing process by calling callrcu, in order to address another use-after-free issue in sctpsockdump: BUG: KASAN: Use-after-free in lockacquire+0x36d9/0x4c20...
Astra Linux – Vulnerability in Linux
In the file drivers/pci/hotplug/rpadlpar/sysfs.c within the Linux kernel up to version 5.11.8, the RPA PCI Hotplug driver suffers from a user-tolerable buffer overflow when writing a new device name to the driver from user space. This allows user space to write data directly to the kernel stack...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iframe sandbox in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Ice: Fixed improper handling of extts events. Extts events are disabled and enabled by the application ts2phc. However, if the driver is removed while the application is running, a specific extts event remains enabled, which can...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the net subsystem, for the dsa module, the microchip function has been updated to include a condition for scheduling kszmibreadwork. When the ksz module is installed or removed using rmmod, the kernel crashes due to a null...
Astra Linux – Vulnerability in Wireshark
Uncontrolled recursion in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows for denial of service through packet injection or crafted capture files...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.52.0, there was an optimization for joining strings that could cause uninitialized bytes to be exposed or the program to crash if the borrowed string changed after its length was checked...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix possible use-after-free in smsc75xxbind The commit 46a8b29c6306 “net: usb: fix memory leak in smsc75xxBind” fails to clean up the work scheduled in smsc75xxReset-smsc75xxSetMulticast. This leads to a use-after-free ...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the content security policy of Google Chrome prior to version 91.0.4472.77 allowed a remote attacker to bypass the content security policy through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Before version 87.0.4280.88, using extensions in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: watchdog: rzg2lwdt: Fixed ‘BUG: Invalid wait context’ This patch fixes the issue “BUG: Invalid wait context” that occurred during restart. The issue was addressed by using clkprepareenable instead of pmruntimegetsync to enable th...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle memory deallocation properly. The object in the program is freed, but its address is still used in other locations. Sending specific requests to the dcmqrdb program will lead to a double-free. An attacker can use this vulnerability to launch a DoS attac...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: soc: brcmstb: pm-arm: Fixed bugs related to reference count leaks and iomem leaks. In brcmstbpmprobe, there are two types of leak bugs: 1 We need to add ofnodeput when foreachmatchingnode breaks. 2 We need to call iounmap for...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module loading, a kthread is created that targets the pvr2contextthreadfunc function. This function may call pvr2contextdestroy, thereby calling kfree on the contex...
Astra Linux – Vulnerability in Ansible
A flaw was discovered in Ansible Engine 2.9.18, where sensitive information is not masked by default, and the nolog feature is not protected when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The greatest threat posed by this...
Astra Linux – Vulnerability in imagemagick
In the function SetImageExtent in /MagickCore/image.c, an incorrect image depth value can lead to a memory leak. This occurs because the code that checks for the correct image depth value does not reset the value if an invalid size is encountered. The patch resets the depth value to a valid one...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled !CONFIGIPV6 we'll hit a NULL pointer dereference1 in the error path of nhcreateipv6 due to calling...
Astra Linux – Vulnerability in libwebp
A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the ShiftBytes function...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fixed the PTE update for kernel memory on radix. When adding a PTE, a ptesync is required to ensure that the PTE update is performed correctly. Otherwise, a spurious fault may occur. radixsetpteat does not perform th...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fixed the bulk-buffer overflow issue. The driver uses buffers sized equal to the endpoint size, but it should not assume that the tx and rx buffers have the same size. A malicious device could cause the...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer during the udppackethandler call...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumacltcam: Fixed stack corruption When tc filters are first added to a network device, the corresponding local port is bound to an ACL group within the device. This group contains a list of ACLs. Each ACL points t...
Astra Linux – Vulnerability in Firefox
The HTML Sanitizer should have sanitized the href attribute of SVG use tags; however, it incorrectly did not sanitize the xlink:href attributes. This vulnerability affects Firefox versions earlier than 102...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: Unregister wiphy only if it has been registered There is a specific error path in probe functions in wilc drivers both sdio and spi, which can lead to kernel panic. For example, this issue occurs when using SPI:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: stmmac: fixed an issue where TSO DMA API usage caused errors. Commit 66600fac7a98 “net: stmmac: TSO: Fixed unbalanced DMA map/unmap for non-paged SKB data” corrected the assignment of members of txskbuffdma to a later...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fixed the DMA buffer leak issue. Release the DMA buffer when probe returns an error to avoid memory leaks...
Astra Linux - уязвимость в qemu
No description...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Skia in Google Chrome prior to version 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in TIF format
LibTIFF 4.4.0 contains an out-of-bounds write vulnerability in tiffcrop, located at line 3609 of tools/tiffcrop.c. This vulnerability allows attackers to cause a denial-of-service attack through a malicious TIF file. For users who compile LibTIFF from source code, the fix is available in the comm...
Astra Linux – Vulnerability in c-ares
A flaw was discovered in the c-ares package. The aressetsortlist function lacks checks for the validity of the input string, which could lead to a stack overflow vulnerability with an arbitrary length. This issue may cause a denial of service or have a limited impact on confidentiality and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: scsitransportsas: Fixed error handling in sasPhyadd. If transportadddevice fails in sasPhyadd, the kernel may crash when trying to delete the device via transportRemoveDevice, which is called from sasRemoveHost. The kernel...
Astra Linux – Vulnerability in gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux – Vulnerability in Vim
NULL pointer dereferencing in the GitHub repository for Vim/Vim before version 9.0.1392...
Astra Linux – Vulnerability in Chromium
The inappropriate implementation of the Extensions API in Google Chrome prior to version 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control through a crafted HTML page...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed possible out-of-bounds accesses to addldescptr. Sanitized possible out-of-bounds accesses to addldescptr in sesenclosuredataprocess...
Astra Linux – Vulnerability in emacs
A command injection flaw was discovered in the text editor Emacs. This flaw could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirec...
Astra Linux – Vulnerability in ofono
oFono SimToolKit Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit this...
Astra Linux – Vulnerability in Wireshark
MONGO and ZigBee TLV dissector have infinite loops in Wireshark versions 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22. These bugs allow for denial of service through packet injection or with properly crafted capture files...
Astra Linux – Vulnerability in Chromium
The use of after-free in V8 in Google Chrome before version 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
In some code patterns, JIT incorrectly optimized switch statements and generated code that contained vulnerabilities related to out-of-bounds reads. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in Chromium
The use of after-free in Downloads in Google Chrome before version 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability affects Firefox version...