Lucene search
K
AstralinuxRecent

18102 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in mbedtls

There is a denial-of-service vulnerability in mbed TLS 3.0.0 and earlier versions, specifically in the mbedtlspkcs12derivation function, when the length of the input password is 0...

7.5CVSS6.3AI score0.02214EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Firefox

A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...

6.5CVSS6.9AI score0.00436EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: mips: bmips: BCM6358: disabled RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved...

5.6AI score0.00173EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The powersupply framework is not actually designed to have long-term references to powersupply devices in the kernel. Specifically, unregistering a...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...

5.5CVSS6.1AI score0.00232EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener. A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. This variant depends on the...

5.5CVSS5.9AI score0.00266EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fixed an stale locked mutex in nouveaugemioctlpushbuf If VMBIND is enabled on the client, the legacy submission ioctl cannot be used. However, if a client attempts to use it anyway, an error will be returned. In this...

5.5CVSS5.7AI score0.00173EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: The issue where inline data checks might be performed during dio write operations has been fixed. According to syzbot, the following warning from ext4iomapbegin is triggered as of the referenced commit: c if...

4.7CVSS5.8AI score0.00179EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: x86/tdx: Panics occur in cases of incorrect configurations involving access to “private” memory, resulting in a VE exception. All normal kernel memory is considered “TDX private memory”. This includes everything, from kernel...

5.5CVSS6.3AI score0.0014EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Properly pinning the parent in blkcgcssonline. blkcgcssonline is supposed to pin the blkcg of the parent, but after refactoring the code, it was changed to pin the css instead. This results in additional pinnings, and...

5.5CVSS5.6AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopen. When reading sysctltcpfastopen, it can be changed concurrently. Therefore, we need to add READONCE to its readers...

4.7CVSS6.1AI score0.00181EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fix for buffer overflow in the elem comparison. For vendor elements, the code assumes that 5 octets are present without checking them. Since the element itself has already been checked for compatibility, we only...

7.8CVSS6.4AI score0.00264EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libstb

A issue was discovered in stbstbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting them to RGBA format. This led to a buffer overflow when the result was re-interpreted as a 16-bit buffer. An attacker could potentially use stbimage to crash a service, o...

7.1CVSS7.2AI score0.0136EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a null check in resourcelogpipetopologyupdate REASON When switching from “Extend” to “Second Display Only”, we sometimes call resourcegetotgmasterforstream on an eDP stream, even though the eDP is...

5.5CVSS5.3AI score0.00198EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/handshake: fixed null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if the socket lookup fails. We should also call tracehandshakecmddoneerr before releasing the file; otherwise, dereferencin...

5.5CVSS5.4AI score0.00119EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7173 – fixed the index used to access the channel when accessing the syscalibmode attribute. The address field is a 0-based index the same as scanindex, which is used to access the channel in the ad7173channels array...

7.1CVSS5.7AI score0.0013EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: The sig-statslock lock is used to gather statistics about threads/children. The locktasksighand function can cause a hard lockup. If NRCPUS threads call dotaskstat at the same time, and the process has...

5.5CVSS5.9AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Fixed a race condition by not overwriting udev-descriptor in hubportinit. Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: Out-of-bounds reading in readdescriptors+0x263/0x280,...

6.4CVSS6AI score0.00328EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fixed a NULL pointer dereferencing issue when removing debugfs. We now remove the debugfs entries of the device when unbinding the driver. This now causes a NULL-pointer dereferencing issue at the end of the module,...

5.5CVSS5.2AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: Soundwire: Fixing enumeration completion The Soundwire subsystem uses two completion structures that allow drivers to wait for the Soundwire device to be enumerated on the bus and initialized by their respective drivers. The code...

6.1AI score0.00175EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Firefox

Insufficient validation in the Drag and Drop API, combined with social engineering, may have allowed an attacker to trick end-users into creating shortcuts to local system files. This could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 115...

7.8CVSS8AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.15 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: kernfs: A use-after-free issue has been fixed in kernfsremove. Syzkaller managed to trigger concurrent calls to kernfsremovebynamens for the same file, resulting in a KASAN detected use-after-free. This race condition occurs...

7.8CVSS6.3AI score0.0015EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.12, when running PHP FPM SAPI with the main FPM daemon process running as the root user and child worker processes running as lower-privileged users, it is possible for the child processes to access memory...

7.8CVSS7.4AI score0.01337EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in sendmail

Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...

5.3CVSS6.2AI score0.01073EPSS
Exploits2References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail of a data structure may have some unexpected side effects if a program uses a helper function like BPFFUNCskbpulldata to read partial content beyond th...

5.5CVSS5.9AI score0.00196EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Soundwire: qcom: fix for storing port configuration beyond the bounds The value of qcomswrmctrl-pconfig is QCOMSDWMAXPORTS 14. However, we index it starting from 1, not 0, to match the actual port numbers. This can lead to writin...

7.1CVSS6.4AI score0.00164EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llccdrivdata as edacdevicectlinfo’s pvtinfo. The memory for llccdrivdata is allocated by the LLCC driver. However, when it is passed as private driver information to the EDAC core, it will be freed during t...

7.8CVSS5.8AI score0.00245EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net/smc: Resetting connections when trying to use SMCRv2 fails. We identified a crash when using SMCRv2 with 2 Mellanox ConnectX-4 devices. This issue can be reproduced by running the following commands: - smcrun nginx - smcru...

5.5CVSS6.1AI score0.00134EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: A buffer overflow has been fixed in the liootargetnaclinfoshow function. The function liootargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checkin...

7.8CVSS5.5AI score0.00159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...

8.8CVSS8.2AI score0.02367EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: A potential NULL dereferencing in mtkcrtcdestroy has been fixed. In mtkcrtccreate, if the call to mboxrequestchannel fails, we set the pointer mtkcrtc-cmdqclient.chan to NULL. In that case, we do not call...

5.5CVSS6.2AI score0.00204EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in libpgjava

The PostgreSQL JDBC Driver also known as PgJDBC prior to version 42.2.13 allowed XXE...

7.7CVSS7.4AI score0.04094EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: xtensa: Fixed the refcount leak issue in the time.c file. In calibccount, the offindcompatiblenode function will return a node pointer with the refcount incremented. We should use ofnodeput when this function is no longer need...

5.5CVSS6AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: padata: Always keep BHs disabled when running -parallel. A deadlock can occur when an overloaded system runs -parallel in the context of the current task. The code snippet shows that padatadoparallel calls -parallel, which in tur...

5.5CVSS6.1AI score0.0011EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the audio processing component of Google Chrome prior to version 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS8.7AI score0.01434EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vpvdpa: fixed the crash that occurs when the vpvdpa device is unplugged suddenly. When the vpvdpa device is unplugged, it triggers a kernel panic. The root cause is that vdpamgmtdevunregister will access modern devices, leadin...

7.8CVSS6AI score0.00168EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k: Fixed corruption of SKBs in the REO destination ring. While running traffic for a long time, a random RX descriptor filled with the value “0” from the REO destination ring is received. This invalid descriptor...

5.5CVSS6.2AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...

6.5CVSS7AI score0.00792EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: chipidea – fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, memory will leak over time. To simplify things, simply call...

5.5CVSS5.2AI score0.00135EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: virtio-blk: an implicit overflow issue with virtiomaxdmasize has been fixed. The following code involves an implicit conversion from sizet to u32: u32maxsize = sizetvirtiomaxdmasizevdev; This may lead to an overflow situation; fo...

5.5CVSS6.2AI score0.00242EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow vulnerability in Google Chrome’s Media component on Linux, prior to version 88.0.4324.182, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS8.1AI score0.01273EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in ICU

It was discovered that International Components for Unicode ICU-20850 v66.1 contains a use after free bug in the pkgcreateWithAssemblyCode function in the tools/pkgdata/pkgdata.cpp file...

5.5CVSS6.6AI score0.01133EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libbpf: Fixed a memory leak in strset. The entire struct strset was freed, not just its internal components...

5.5CVSS5.3AI score0.00194EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: RISCV: Fixed the issue of loading 64-bit NOMMU kernels beyond the start of RAM. The commit 3335068f8721 “RISCV: Use PUD/P4D/PGD pages for the linear mapping” added logic to allow using memory below the kernel’s load address...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fixed the overly strict sanity checks related to blanking periods. Sanity checks were added to verify the v4l2bttimings blanking fields, in order to avoid integer overflows when the user space passes...

5.5CVSS6.2AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Mozilla developers and community members reported memory safety bugs in Firefox 86 and Firefox ESR 78.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...

8.8CVSS7.4AI score0.01404EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

After requesting multiple permissions and closing the first permission panel, subsequent permission panels will be displayed in a different position, but still record a click at the default location. This allows users to be tricked into accepting permissions they do not want to grant. This bug on...

6.5CVSS6.8AI score0.00945EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed a deadlock that occurred when cloning inline extents and using qgroups. There are a few exceptional cases where cloning an inline extent requires copying the inline extent data into a page of the destination inode...

5.5CVSS6AI score0.00181EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm: bridge/panel: Cleans up the connector when the bridge is detached If we do not call drmconnectorcleanup manually in panelbridgedetach, the connector will be cleaned up along with other DRM objects during the call to...

7.8CVSS6.3AI score0.00255EPSS
Exploits0References2
Total number of security vulnerabilities18102