18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Clear stagedconfig before and after it is used. As a temporary storage, stagedconfig in rdtdomain should be cleared before and after it is used. The stale value in stagedconfig could cause an MSR access error. Here i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fixed a memory leak in mlx5eptpopen. When kvzallocnode or kvzalloc fails in mlx5eptpopen, the memory pointed to by “c” or “cparams” is not freed, which can lead to a memory leak. This issue has been fixed by freeing th...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5648: Free V4L2 fwnode data on unbind The V4L2 fwnode data structure is not freed when it is unbound, resulting in a memory leak...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mmc: mxcmmc: Fix the return value check in mmcaddhost. mmcaddhost may return an error. If we ignore its return value, the memory allocated by mmcallochost will be leaked, leading to a kernel crash due to the removal of devices...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virt/coco/sev-guest: Double-buffer messages The encryption algorithms read from and write to shared, unencrypted memory directly. This may lead to the leakage of information, as well as allowing the host to tamper with the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed the error in the length of the VALIDATENEGOTIATEINFO message. The commit code is d5c7076b772a “smb3: added “smb3.1.1” to the default dialect list”. The number of dialects was extended from 3 to 4. However, it was...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Double-free of rqxprtctxt while it is still in use. When a RPC request is deferred, the pointer rqxprtctxt is moved out of the svcrqst to the svcdeferredreq. When the deferred request is revisited, the pointer is copied...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpib: A use-after-free occurred in the IO ioctl handlers. The IBRD, IBWRT, IBCMD, and IBWAIT ioctl handlers use a gpibdescriptor pointer after the board-biggpibmutex has been released. A concurrent IBCLOSEDEV ioctl can free the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handling the case where EIOINTC’s coremap is empty EIOINTC’s coremap in eiointcupdateswcoremap can be empty. Currently, we get a cpuid value of -1 in this case, but we actually need a value of 0, as it is similar ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fixed a NULL pointer dereferencing issue during device cleanup. When GPU initialization fails due to an unsupported HW block, IP blocks may have a NULL version pointer. During cleanup in amdgpudevicefinihw, the code call...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Fixed resource leaks that occur during errors in lineinfochangednotify. During error handling, lineinfochangednotify does not free the allocated resources, resulting in leaks. This issue has been fixed...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: The array index may go out of bounds. Klocwork reports that the array vha-hoststr, which is 16-sized, may use index values 16–19. It is recommended to use snprintf instead of sprintf...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed a bug in ext4mbnew inodepa due to overflow. When calculating the end position of ext4freeextent, this position might be exactly where ext4lblkt i.e., uint overflows. For example, if acgex.felogical is 4294965248 and...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: Tracing: Ensure that traceeventfile has a ref counter. The following actions can cause the kernel to crash: cd /sys/kernel/tracing echo 'p:sched schedule' kprobeevents exec 5events/kprobes/sched/enable kprobeevents exec 5&- Th...
Astra Linux - Vulnerability in Golang-1.19
When following an HTTP redirect to a domain that is not a subdomain match or an exact match of the initial domain, an http.Client does not forward sensitive headers such as “Authorization” or “Cookie”. For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A flaw was discovered in the Netfilter subsystem of the Linux kernel. The nfnlosfaddcallback function did not validate the optnum field controlled by the user mode. This flaw allows a local privileged attacker with CAPNETADMIN privileges to trigger an out-of-bounds read, resulting in a system cra...
Astra Linux – Vulnerability in ncurses
A buffer overflow vulnerability exists in the postprocessterminfo function in tinfo/parseentry.c:997 within ncurses 6.1. This vulnerability allows remote attackers to cause a denial of service by using crafted commands...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed the memory ordering between normal and ordered work functions. Ordered work functions are not guaranteed to be handled by the same thread that executes the normal work functions. The only way to synchronize...
Astra Linux – Vulnerability in RustC
The library/std/src/net/parser.rs file in Rust before version 1.53.0 does not properly handle zero characters at the beginning of an IP address string. In some cases, this allows attackers to bypass access controls based on IP addresses due to incorrect octal interpretation of these characters...
Astra Linux – Vulnerability in Jackson-Databind
FasterXML Jackson-Databind 2.x versions before 2.9.10.8 mishandle the interaction between serialization gadgets and typing, related to com.newrelic agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in WebRTC in Google Chrome prior to version 94.0.4606.81 allowed a remote attacker who convinced a user to navigate to a malicious website to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in payments in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: added a lock to the call to rvterrorqp to prevent a race condition. The documentation for the rvterrorqp function states that both rlock and slock need to be held when calling that function. It also includes an asserti...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: Always call cephShiftUnusedFoliosLeft The function cephProcessFolioBatch sets the folioBatch entries to NULL, which is an illegal state. Before folioBatchRelease crashes due to this API violation, the function...
Astra Linux – Vulnerability in GhostScript
In Artifex Ghostscript version 10.01.0, there is a buffer overflow that may lead to corruption of data within the PostScript interpreter, specifically in the bcp/sbcp.c file. This issue affects functions such as BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled just...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the BUGON issue when the directory entry has an invalid reclen field. The reclen field in the directory entry must be a multiple of 4. A corrupted filesystem image can exploit this bug in the ext4reclentodisk function...
Astra Linux – Vulnerability in Firefox
Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 107. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fix for kernel crash during resume Currently, during resume, the QMI target memory is not handled properly. This results in a kernel crash if DMA remap is not supported: BUG: Incorrect page state in process...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: lib/ioviter: fixed to increase the refcount of non-slab folio pages. When testing EROFS file-backed mounting over v9fs on Qemu, I encountered a UAF Use-after-Allocation issue with folio pages. The page sanity check reported the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a use-after-free on the inode when scanning the root during em shrinking. In the function btrfsscanroot, we access the root of the inode along with fsinfo through a call to btrfsfsclosing. After scheduling the inode...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Marking hrtimers to expire in hard interrupt context Similar to commits 2c0d278f3293f “KVM: LAPIC: Marking hrtimers to expire in hard interrupt context” and 9090825fa9974 “KVM: arm/arm64: Letting timers expire in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed GEM free for imported dma-bufs Imported dma-bufs also have obj-resv != &obj-resv. Therefore, we should check this condition in addition to checking flags for handling the NOSHARE case. Fixed the issue reported...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fixed NULL dereferencing in error handling The following issue was reported: drivers/scsi/qedf/qedfmain.c:3056 qedfallocglobalqueues Warn: Missing “unwind goto”? At this point in the function, nothing has been allocat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Avoid unregistering PSP twice. PSP is unregistered twice in the following paths: mlx5eremove - mlx5epspunregister mlx5eniccleanup - mlx5epspunregister This leads to a refcount underflow under certain conditions:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fixed a potential refcount underflow for idev. In addrconfmodrstimer, the reference to idev depends on whether rstimer is not pending. Therefore, the timeout of rstimer was modified. There is a time gap in 1 during...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ocfs2: fixed a memory leak in ocfs2stackglueinit The ocfs2tableheader should be freed in ocfs2stackglueinit if ocfs2sysfsinit fails; otherwise, kmemleak will report a memory leak. BUG: Memory leak Unreferenced object...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Added the missing REQOPWRITE for flushing bio. When performing mkfs.xfs on a pmem device, the following warning was encountered: ------------ Cut here ------------ Warning: CPU: 2, PID: 384; at block/blk-core.c:751:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: cxl/features: Added a check to ensure there are entries in cxlfeatureinfo. In cxl EDAC calls cxlfeatureinfo to obtain feature information, if the hardware does not support any features, cxlfs can be passed as NULL. 51.957498...
Astra Linux – Vulnerability in pcre3
In PCRE before version 8.44, libpcre allowed integer overflows due to a large number being used after a ?C substring...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: HID: appletbkbd: fixed memory corruption of inputhandlerlist In appletbkbdprobe, an input handler is initialized and then registered with the input core through inputregisterhandler. When this occurs, the input core adds the inpu...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code...
Astra Linux – Vulnerability in pillow
A issue was discovered in Pillow before version 8.2.0. For BLP data, BlpImagePlugin did not properly check the returned data after jumping to file offsets. This could lead to a denial-of-service attack, where the decoder could be executed multiple times with empty data...
Astra Linux – Vulnerability in Firefox
Mozilla developers Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs in Firefox 99. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. Th...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: extcon: The extcon device is modified to be created after the driver data is set. Currently, someone can invoke sysfs functions such as stateshow intermittently before devsetdrvdata is performed. This can lead to a kernel Oops...
Astra Linux – Vulnerability in libstb
stbimage.h 2.27 contains a heap-based buffer within stbijpegload, which can lead to information disclosure or denial of service...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: TCP/UDP: Fixed memory leaks related to sk and zerocopy SKBS with TX timestamps. Syzkaller reported 0 memory leaks of an UDP socket and ZEROCOPY SKBS. We can reproduce this issue with the following sequence: sk = socketAFINET,...
Astra Linux - Vulnerability in Golang-1.19
The handling of certain types of invalid zip files by the archive/zip package differs from the behavior of most zip implementations. This discrepancy could be exploited to create a zip file with contents that vary depending on the implementation used to read the file. The archive/zip package now...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Only trigger DRM HPD events if the bridge is attached. The MediaTek DisplayPort interface bridge driver starts its interrupts as soon as it is probed. However, when the interrupts are triggered, the bridge might...
Astra Linux – Vulnerability in dcmtk
DCMTK through version 3.6.6 does not handle string copying properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result, even if the result is null. This can lead to a head-based overflow. An attacker can use this vulnerability to launch a DoS...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only dinvalidate is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0+0x3f3/0x410 Using the...