18102 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
As specified in the W3C Content Security Policy draft, when creating a violation report, “User agents need to ensure that the source file is the URL requested by the page, with pre-redirecting. If this is not possible, user agents must strip the URL to its origin to prevent unintentional leakage....
Astra Linux – Vulnerability in Chromium
Before version 89.0.4389.72, using "After Free" in the Network Internals section of Google Chrome on Linux allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in libproxy
In libproxy, the url.cpp module in version 0.4.15 is vulnerable to a buffer overflow when PAC is enabled. This vulnerability was confirmed by using a large PAC file that was sent without a Content-length header...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dcb: The correct policy must be chosen to parse DCBATTRBCN. The function dcbnlbcnsetcfg uses an incorrect policy to parse tbDCBATTRBCN. This issue was introduced in commit 859ee3c43812 “DCB: Add support for DCB BCN”. Please...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt7601u: Fix an integer underflow An integer underflow caused by a null pointer dereference occurred in mt7601urxskbfromseg. The variable dmalen in the URB packet could be manipulated, which could trigger an integer underfl...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount It is necessary to ensure that the value of the block size recorded in the superblock is valid. Otherwise, the shift operation used to calculate the block size may overflow, resulting ...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: NFSD: preventing integer overflow on 32-bit systems On a 32-bit system, the operation “len sizeofp” can lead to an integer overflow...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fixed incorrect retrieval of acpchipinfo. Use devgetdrvdatadev-parent instead of devgetplatdatadev to correctly obtain members of acpchipinfo in the acp I2S driver. Previously, some members were not updated proper...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd: fixed a potential memory leak This patch fixes a potential memory leak clksrc when the function returns NULL at the end of its execution. s/free/kfree/ - Alex...
Astra Linux – Vulnerability in opensc
A heap usage issue after a free operation was detected in Opensc before version 0.22.0 in scfilevalid...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: cxl/acpi: Fixed a use-after-free in cxlparsecfmws KASAN and KFENCE detected a use-after-free in the CXL driver. This occurs in the cxldecoderadd function’s failure path. KASAN outputs the following error: BUG: KASAN:...
Astra Linux – Vulnerability in Python-Werkzeug
Werkzeug is a comprehensive WSGI web application library. In affected versions of Werkzeug, the debugger can allow an attacker to execute code on a developer’s machine under certain circumstances. This requires the attacker to get the developer to interact with a domain and subdomain that they...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sbbsizeshift after reading the superblock. Fuzzers often modify sbbsizeshift, but in reality it’s very unlikely that this field would be corrupted on its own. Nevertheless, it should still be checked to avoid potentia...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: xen-netfront: Fixed NULL pointers after live migration. NAPIs are set up for each network interface to poll data for the kernel. The interface with the source host is destroyed during live migration, and a new interface with t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fixed a memory leak in sja1105setupdevlinkregions. When dsadevlinkregioncreate fails in sja1105setupdevlinkregions, priv-regions is not released...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: USB: gadgetfs: Fix race between mounting and unmounting The syzbot fuzzer and Gerald Lee have identified a use-after-free bug in the gadgetfs driver. This bug involves processes concurrently mounting and unmounting the gadgetf...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3wIndextodep, and we might be referring to a non-existent ep, triggering a NULL pointer exception. In certain configurations, we might use few...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fix the race condition between the quota enable operation and the quota rescan ioctl call. When enabling quotas, in the btrfsquotaenable function, after committing the transaction, we update fsinfo-quotaroot to point to th...
Astra Linux – Vulnerability in Containerd
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was discovered in Moby Docker Engine prior to version 20.10.14, where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ptp: ocp: fixed use-after-free bugs caused by ptpocpwatchdog The ptpocpdetach function only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, timerdeletesync is not called. This...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bnxten: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdevassertlocked in bnxtfreentpfltrs. The lock should be held during normal run-time but the assert will be triggered see below during bnxtremoveon...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: misc: vmwballoon: A memory leak has been fixed by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise a memory leak will occur over time. To simplify things, simply call...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed the issue with btnxpuartclose. Fixed the scheduling issue during the atomic operation in btnxpuartclose. Properly purged the transmit queue and freed the receiveskb. 10.973809 BUG: Scheduling during...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: pstore/platform: Added a check for kstrdup. Added a check on the return value of kstrdup, and return an error if it fails, in order to avoid NULL pointer dereferencing...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: s390/aes – Fix for buffer overreading in CTR mode When processing the last block, the s390 CTR code will always read a whole block, even if there is no data left in that block. This issue is fixed by using the actual...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: mm/swap: fixed a race condition when skipping swapcache When skipping swapcache for SWPSYNCHRONOUSIO, if two or more threads swap the same entry at the same time, they may obtain different pages A, B. Before one thread T0 finishe...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: The issue lies in ofparsephandlewithargsmap. In this function, the inner loop that iterates through the map entries calls ofnodeputnew to free the reference acquired during the previous iteration of the inner loop. This assumes...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835spihandleerr: Fixed the issue of NULL pointer dereferencing for non-DMA transfers. If an IRQ-based transfer times out, the bcm2835spihandleerr function is called. Since commit 1513ceee70f2 “spi: bcm2835: Drop...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mt76: fixed the race condition related to the “tx status” after the station removal operation. There is a small race condition where ongoing TX activity can cause an skb to be added to the status tracking IDR, even after that...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: In the zone operation, the code must traverse devices under the chunkmutex in btrfscanactivatezone. The btrfscanactivatezone function can be called with the devicelistmutex already held, which could lead to a deadlock. ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: EFI: Runtime: Avoid EFIv2 runtime services on Apple x86 machines Aditya reports that his recent MacBookPro crashes during firmware updates when variable services are used at runtime. The culprit seems to be a call to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: switchdev: Skip MDB replays of deferred events on offload Before this change, the generation of the list of MDB events to replay competed with the creation of new group memberhips, either through the IGMP/MLD snoopin...
Astra Linux – Vulnerability in gdk-pixbuf
In GNOME GdkPixbuf also known as gdk-pixbuf up to version 2.42.10, the ANI decoder used for Windows animated cursors encounters heap memory corruption when parsing chunks from a crafted .ani file. A crafted file could allow an attacker to overwrite heap metadata, resulting in a denial-of-service...
Astra Linux – Vulnerability in Nasm
A buffer overflow vulnerability exists in the scan function in stdscan.c in nasm 2.15rc0, allowing remote attackers to cause a denial of service by using crafted ASM files...
Astra Linux – Vulnerability in ffmpeg
There is a heap-based Buffer Overflow vulnerability in FFmpeg 4.2, located in the filterframe module of libavfilter/vfbitplanenoise.c. This vulnerability may lead to memory corruption and other potential issues...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 92.0.4515.107 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - Block: Fixed the issue where queues could freeze, compared to the lock order in sysfs store methods. The queueattrstore method always freezes a device queue before calling the attribute store operation. For attributes that...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: sparx5 – Fixed the issue where the entry was still used after being freed within sparx5delmactEntry. Based on the static analysis of the code, it appears that when an entry from the MAC table was removed, the entry was still...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – fixed a potential out-of-bounds read in iwlmvmndmatchinfohandler The memcpy function assumes that the dynamic array notif-matches is at least as large as the number of bytes to be copied. Otherwise,...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fixed a null-ptr-deref in vkmsrelease. A null-ptr-deref occurred when trying to destroy the workqueue in vkms-output.composerworkq during vkmsrelease. KASAN: Null-ptr-deref occurred in the range...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtlwifi: Fixed a global-out-of-bounds bug in rtl8812ae PhySetTxPowerLimit There is a reported global-out-of-bounds issue by KASAN: BUG: KASAN: Global-out-of-bounds in rtl8812aeeqnbyte.part.0+0x3d/0x84 rtl8821ae Reading of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The use-after-free issue in smblazyparentleasebreakclose has been fixed. The opinfo pointer, which is obtained through rcudereferencefp-fopinfo, is accessed after rcureadunlock has been called. This creates a race conditio...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed incorrect early exits for invalid “metabox-enabled” images. Crafted EROFS images with metadata compression enabled can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert “i2c: i801: replace acpilock with I2C bus lock” This revertment is associated with the commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. Under rare circumstances, multiple udev threads may collect information abo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix for the WARN message triggered in netifnapidellocked when a USB device is disconnected The redundant call to netifnapidel was removed from the disconnect path. A WARN message may be triggered in...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: orangefs: The issue in kmemleak in orangefspreparedebugfshelpstring has been fixed. When inserting or removing the orangefs module, the debughelpstring variable may be leaked: - Unreferenced object: 0xffff8881652ba000 size 4096 -...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: MIPS: fw: Allow firmware to pass an empty environment variable. fwgetenv will use the environment variable entry to determine the style of the environment variables. However, it is legal for the firmware to simply pass an empty...
Astra Linux – Vulnerability in ffmpeg5
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, there is a potential security vulnerability due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: phy: phy-tahvo: fix memory leak in tahvousbprobe Suggestions: drivers/usb/phy/phy-tahvo.c: tahvousbprobe Warning: Missing unwind goto? After obtaining the IRQ, if ret 0, it will return without error handling, freeing up...