18102 matches found
Astra Linux – Vulnerability in SQLite3
In SQlite 3.31.1, a potential null pointer derefrence was detected during the INTERSEC query processing...
Astra Linux – Vulnerability in Chromium
Before version 93.0.4577.82, using the "after free" method in the Selection API in Google Chrome allowed a remote attacker to potentially exploit heap corruption by using a crafted HTML page, as long as that attacker could convince the user to visit a malicious website...
Astra Linux – Vulnerability in Chromium
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation...
Astra Linux – Vulnerability in Chromium
Using the "after free" mechanism in the File API in Google Chrome before version 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome, memory access out of bounds in V8 before version 90.0.4430.85 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome on Windows prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in gaussianblur at libavfilter/vfedgedetect.c, which may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: bcmsf2: Do not use devres for mdiobus As explained in the commits: 74b6d7d13307 “net: dsa: realtek: register the MDIO bus under devres” 5135e96a3dd2 “net: dsa: Do not allocate the slavemiibus using devres” The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/siw: Fixed a refcounting leak in siwcreateqp. The atomicinc function needs to be paired with an atomicdec function in the error handling path...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: The abort logic in btrfsreplacefileextents has been fixed. Error injection testing uncovered a case where a corrupt file system could occur, with an missing extent in the middle of a file. This occurs because the if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: Fixed a possible NULL dereference. In iwlmvmremovetimeevent, a check was added to ensure that ‘tedata-vif’ is NULL before dereferencing it...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mac80211: Fixed a deadlock issue in AP/VLAN handling. Syzbot reports that when APVLAN interfaces are active, closing the AP interface they belong to can lead to a deadlock. This isn’t surprising—since we use devclose to handle...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS; fixed a crash that occurred during the RX resync process. For the TLS RX resync process, we maintain a list of TLS contexts that require some attention. We communicate their resync information to the hardware...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179178a: Fixed out-of-bounds accesses in RX fixup The ax88179rxfixup function contains several out-of-bounds accesses that can be triggered by a malicious or defective USB device. Specifically: - The metadata array...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: dm snapshot: fixed the lockup issue in dmexceptiontableexit. A lockup was reported when exiting a snapshot with many exceptions. This issue has been fixed by adding “condresched” to the loop that frees the exceptions...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: Bridge: Multicast packets must be confirmed before being passed up the stack. The conntrack/nfconfirm logic does not handle cloned skb objects that reference the same nfct entry. This issue occurs when dealing with...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Reset the IH OVERFLOWCLEAR bit. This also allows us to detect subsequent IH ring buffer overflows...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change the logging to dev for mtkdpauxtransfer. Change the logging from drmerr,info to deverr,info in the functions mtkdpauxtransfer and mtkdpauxdotransfer. This will be essential to avoid kernel panics due to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: Intel: avs: Fixed a potential RX buffer overflow issue. If an event causes the firmware to return an invalid RX size for LARGECONFIGGET, memcpyfromio might end up copying too many bytes. This issue was fixed by using min...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: Fixed an issue where the kernel could be exposed after free operation in skbdatagramiter. The syzbot reported the following issue with uninitialized value access 1: The netlinktofullskb function creates a new skb and...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: llc: Calling sockorphan at the release time syzbot reported an interesting trace 1 caused by a stale pointer to sk-skwq in a closed llc socket. In the commit ff7b11aa481f "net: socket: setting sock-sk to NULL after calling...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak has been fixed in hpdrxirqcreateworkqueue. If the construction of the array of work queues to handle hpdrxirq offload fails, we need to unwind the process. All created workqueues and the allocated memory...
Astra Linux – Vulnerability in Linux
Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Atacade: Ahci: Matching EMMAXSLOTS with SATAPMPMAXPORTS UBSAN reports an array-index-out-of-bounds issue: 1.980703 Kernel: UBSAN: Array-index out of bounds in /build/linux-9H675w/linux-5.15.0/drivers/ata/libahci.c:968:41 1.980709...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Stop the mdxraid1 thread when the raid1 array fails to run. When the raid1 array fails to run during initialization, we only assemble the array with inactive disks. However, the mdxraid1 thread is not stopped. Even if t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/sriov: Perform a null check on iov before dereferencing iov. Currently, the pointer to iov is dereferenced before the null check, which can lead to a null pointer dereference error. This issue is fixed by moving t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: phylink: Added a lock to serialize concurrent writes to pl-phydev using phylinkresolve. Currently, phylinkresolve protects itself against concurrent calls to phylinkbringupPhyio or phylinkdisconnectPhyio that modify pl-phyde...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: Platform: MediTech: VPU: Fix for NULL pointer dereferencing If pdev is NULL, it is still dereferenced. This fixes the “match warning” in the following file: drivers/media/platform/mediatek/vpu/mtkvpu.c:570 – vpuloadfirmwar...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gvt: fixed the issue where vGPU debugfs was cleaned up during the remove operation. Check carefully whether the root debugfs is available when destroying the vGPU. For example, in the remove operation, the DRM minor’s...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue related to irqdisabled in localbhenable has been fixed. The rxrpcassessMTUsize function calls down into the IP layer to determine the MTU size for a route. When accepting an incoming call, this function is called...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: In devcom, fix the error flow in mlx5devcomregisterdevice. In the event of a failure in devcom allocation, mlx5 always releases the private memory. However, this private memory might have been allocated by a different...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference to usbgetdev is not released during the gpiompsseprobe error paths. This issue was fixed by using device-managed helper functions. Additionally, the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrcnonstatic: Fixed a memory leak in nonstaticreleaseresourcedb. When nonstaticreleaseresourcedb frees all resources associated with a PCMCIA socket, it forgets to free socketdata as well, resulting in a memory leak that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: serial: Fixed the race condition where tty-port wasn’t set. The commit bfc467db60b7 “serial: removed redundant ttyportlinkdevice” was reverted because ttyportlinkdevice isn’t redundant. We need to configure tty-port before callin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: um: initcputasks earlier. This issue is currently addressed in umlfinishsetup. However, for example, when KCOV is enabled, this can still cause crashes, as some initialization code may call functions like memparse, which have...
Astra Linux – Vulnerability in DjVuLibre
DjVuLibre 3.5.27 allows attackers to carry out a denial-of-service attack application crashes due to an out-of-bounds read by creating a corrupted JB2 image file. This occurs due to improper handling of the JB2 image file in the JB2Dict::JB2Codec::getdirectcontext function in libdjvu/JB2Image.h,...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream. No users are affected if they follow the recommendation...
Astra Linux – Vulnerability in Linux
A issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as fully unfragmented frames. An adversary can exploit this vulnerability to inject arbitrary...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: phy: isp1301: fix non-OF device reference imbalance A recent change to fix a device reference leak in a UDC driver introduced a potential use-after-free in the non-OF case. The isp1301getclient helper only increments the...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds When we run syzkaller, we encounter an out-of-bound error. The specific error message is: “KASAN: slab-out-of-bounds Read in regcacheflatread” The backtrace of the issue i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix handling of virtual Fibre Channel timeouts Hyper-V provides the ability to connect Fibre Channel LUNs to the host system and present them as SCSI devices in a guest VM. I/O operations to the vFC device are...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTESHARED on GCS mappings if FEATLPA2 is enabled When FEATLPA2 is enabled, bits 8-9 of the PTE replace the shareability attribute with bits 50-51 of the output address. The PAGEGCS,RO definitions include th...
Astra Linux – Vulnerability in libxstream-java
XStream is a Java library for serializing objects to XML and back again. Before version 1.4.16, XStream had a vulnerability that could allow a remote attacker with sufficient rights to execute commands on the host by manipulating the processed input stream. However, no users are affected as long ...
Astra Linux – Vulnerability in Firefox
The browser might have mistakenly transferred the pointer lock state to another tab, which could lead to clickjacking attacks. This vulnerability affects Firefox versions earlier than 85...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: thunderbolt: fixed a memory leak in tbnetopen. When tbringallocrx fails in tbnetopen, the memory allocated in tbxdomainallocouthopid is not released. Add tbxdomainreleaseouthopid to the error path to release the allocated...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: A memory leak has been fixed in the ipcpciereadbioscfg function. The ipcpciereadbioscfg function uses acpievaluatedsm to obtain the wwan power state configuration from the BIOS. However, it does not free the...
Astra Linux – Vulnerability in Firefox
A transient execution vulnerability, named Floating Point Value Injection FPVI, allowed attackers to leak arbitrary memory addresses and may have also enabled JIT type confusion attacks. A related vulnerability, Speculative Code Store Bypass SCSB, did not affect Firefox. This vulnerability affect...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: dsa: realtek: fixed out-of-bounds access issues The probe function sets priv-chipdata to void priv + sizeofpriv, with the expectation that priv has sufficient trailing space. However, only realtek-smi actually allocated...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fixed an array overflow in rtwgettxpowerparams When using the kernel with the Undefined Behaviour Sanity Checker UBSAN enabled, the following array overflow was logged:...