18102 matches found
Astra Linux – Vulnerability in mbedtls
There is a denial-of-service vulnerability in mbed TLS 3.0.0 and earlier versions, specifically in the mbedtlspkcs12derivation function, when the length of the input password is 0...
Astra Linux – Vulnerability in Firefox
A malicious extension with the “search” permission could have installed a new search engine, and the favicon of this engine referenced a cross-origin URL. The response to this cross-origin request could have been read by the extension, allowing it to bypass the same-origin policy—even though the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: mips: bmips: BCM6358: disabled RAC flush for TP1 RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1: 3.881739 usb 1-1: new high-speed USB device number 2 using ehci-platform 3.895011 Reserved...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered The powersupply framework is not actually designed to have long-term references to powersupply devices in the kernel. Specifically, unregistering a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: f2fs: A fix was made to prevent race conditions during the fsyncentryslab access by multiple f2fs filesystem instances. As reported by syzbot, there is a use-after-free issue during f2fs recovery: A use-after-free occurs when...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Check for any of tcpbpfprots when cloning a listener. A listening socket linked to a sockmap has its skprot overridden. It points to one of the struct proto variants in tcpbpfprots. This variant depends on the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fixed an stale locked mutex in nouveaugemioctlpushbuf If VMBIND is enabled on the client, the legacy submission ioctl cannot be used. However, if a client attempts to use it anyway, an error will be returned. In this...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: The issue where inline data checks might be performed during dio write operations has been fixed. According to syzbot, the following warning from ext4iomapbegin is triggered as of the referenced commit: c if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/tdx: Panics occur in cases of incorrect configurations involving access to “private” memory, resulting in a VE exception. All normal kernel memory is considered “TDX private memory”. This includes everything, from kernel...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Properly pinning the parent in blkcgcssonline. blkcgcssonline is supposed to pin the blkcg of the parent, but after refactoring the code, it was changed to pin the css instead. This results in additional pinnings, and...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed issues related to data races around sysctltcpfastopen. When reading sysctltcpfastopen, it can be changed concurrently. Therefore, we need to add READONCE to its readers...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Fix for buffer overflow in the elem comparison. For vendor elements, the code assumes that 5 octets are present without checking them. Since the element itself has already been checked for compatibility, we only...
Astra Linux – Vulnerability in libstb
A issue was discovered in stbstbimage.h 2.27. The PNM loader incorrectly interpreted 16-bit PGM files as 8-bit when converting them to RGBA format. This led to a buffer overflow when the result was re-interpreted as a 16-bit buffer. An attacker could potentially use stbimage to crash a service, o...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a null check in resourcelogpipetopologyupdate REASON When switching from “Extend” to “Second Display Only”, we sometimes call resourcegetotgmasterforstream on an eDP stream, even though the eDP is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/handshake: fixed null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if the socket lookup fails. We should also call tracehandshakecmddoneerr before releasing the file; otherwise, dereferencin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7173 – fixed the index used to access the channel when accessing the syscalibmode attribute. The address field is a 0-based index the same as scanindex, which is used to access the channel in the ad7173channels array...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/proc: dotaskstat: The sig-statslock lock is used to gather statistics about threads/children. The locktasksighand function can cause a hard lockup. If NRCPUS threads call dotaskstat at the same time, and the process has...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: USB: core: Fixed a race condition by not overwriting udev-descriptor in hubportinit. Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: Out-of-bounds reading in readdescriptors+0x263/0x280,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fixed a NULL pointer dereferencing issue when removing debugfs. We now remove the debugfs entries of the device when unbinding the driver. This now causes a NULL-pointer dereferencing issue at the end of the module,...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Soundwire: Fixing enumeration completion The Soundwire subsystem uses two completion structures that allow drivers to wait for the Soundwire device to be enumerated on the bus and initialized by their respective drivers. The code...
Astra Linux – Vulnerability in Firefox
Insufficient validation in the Drag and Drop API, combined with social engineering, may have allowed an attacker to trick end-users into creating shortcuts to local system files. This could have been exploited to execute arbitrary code. This vulnerability affects Firefox versions earlier than 115...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: kernfs: A use-after-free issue has been fixed in kernfsremove. Syzkaller managed to trigger concurrent calls to kernfsremovebynamens for the same file, resulting in a KASAN detected use-after-free. This race condition occurs...
Astra Linux – Vulnerability in PHP 7.3
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25, and 8.0.x below 8.0.12, when running PHP FPM SAPI with the main FPM daemon process running as the root user and child worker processes running as lower-privileged users, it is possible for the child processes to access memory...
Astra Linux – Vulnerability in sendmail
Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail of a data structure may have some unexpected side effects if a program uses a helper function like BPFFUNCskbpulldata to read partial content beyond th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Soundwire: qcom: fix for storing port configuration beyond the bounds The value of qcomswrmctrl-pconfig is QCOMSDWMAXPORTS 14. However, we index it starting from 1, not 0, to match the actual port numbers. This can lead to writin...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llccdrivdata as edacdevicectlinfo’s pvtinfo. The memory for llccdrivdata is allocated by the LLCC driver. However, when it is passed as private driver information to the EDAC core, it will be freed during t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: net/smc: Resetting connections when trying to use SMCRv2 fails. We identified a crash when using SMCRv2 with 2 Mellanox ConnectX-4 devices. This issue can be reproduced by running the following commands: - smcrun nginx - smcru...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: A buffer overflow has been fixed in the liootargetnaclinfoshow function. The function liootargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checkin...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This security flaw arises because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This issue can lead to local privileges escalation on systems where the X server is running with privileged access, and may...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: A potential NULL dereferencing in mtkcrtcdestroy has been fixed. In mtkcrtccreate, if the call to mboxrequestchannel fails, we set the pointer mtkcrtc-cmdqclient.chan to NULL. In that case, we do not call...
Astra Linux – Vulnerability in libpgjava
The PostgreSQL JDBC Driver also known as PgJDBC prior to version 42.2.13 allowed XXE...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: xtensa: Fixed the refcount leak issue in the time.c file. In calibccount, the offindcompatiblenode function will return a node pointer with the refcount incremented. We should use ofnodeput when this function is no longer need...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: padata: Always keep BHs disabled when running -parallel. A deadlock can occur when an overloaded system runs -parallel in the context of the current task. The code snippet shows that padatadoparallel calls -parallel, which in tur...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the audio processing component of Google Chrome prior to version 87.0.4280.141 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression issue related to the removal of the procfs host directory The commit fc663711b944 “scsi: core: Removed the /proc/scsi/$procname directory earlier” fixed a bug related to module loading/unloading...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vpvdpa: fixed the crash that occurs when the vpvdpa device is unplugged suddenly. When the vpvdpa device is unplugged, it triggers a kernel panic. The root cause is that vdpamgmtdevunregister will access modern devices, leadin...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath11k: Fixed corruption of SKBs in the REO destination ring. While running traffic for a long time, a random RX descriptor filled with the value “0” from the REO destination ring is received. This invalid descriptor...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in the iFrame Sandbox in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to bypass navigation restrictions through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: USB: chipidea – fixed a memory leak that occurred when using debugfslookup. When calling debugfslookup, the result must also contain a call to dput; otherwise, memory will leak over time. To simplify things, simply call...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: an implicit overflow issue with virtiomaxdmasize has been fixed. The following code involves an implicit conversion from sizet to u32: u32maxsize = sizetvirtiomaxdmasizevdev; This may lead to an overflow situation; fo...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow vulnerability in Google Chrome’s Media component on Linux, prior to version 88.0.4324.182, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in ICU
It was discovered that International Components for Unicode ICU-20850 v66.1 contains a use after free bug in the pkgcreateWithAssemblyCode function in the tools/pkgdata/pkgdata.cpp file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Fixed a memory leak in strset. The entire struct strset was freed, not just its internal components...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RISCV: Fixed the issue of loading 64-bit NOMMU kernels beyond the start of RAM. The commit 3335068f8721 “RISCV: Use PUD/P4D/PGD pages for the linear mapping” added logic to allow using memory below the kernel’s load address...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fixed the overly strict sanity checks related to blanking periods. Sanity checks were added to verify the v4l2bttimings blanking fields, in order to avoid integer overflows when the user space passes...
Astra Linux – Vulnerability in Firefox and Thunderbird
Mozilla developers and community members reported memory safety bugs in Firefox 86 and Firefox ESR 78.8. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability...
Astra Linux – Vulnerability in Firefox and Thunderbird
After requesting multiple permissions and closing the first permission panel, subsequent permission panels will be displayed in a different position, but still record a click at the default location. This allows users to be tricked into accepting permissions they do not want to grant. This bug on...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: btrfs: Fixed a deadlock that occurred when cloning inline extents and using qgroups. There are a few exceptional cases where cloning an inline extent requires copying the inline extent data into a page of the destination inode...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerabilities have been resolved: drm: bridge/panel: Cleans up the connector when the bridge is detached If we do not call drmconnectorcleanup manually in panelbridgedetach, the connector will be cleaned up along with other DRM objects during the call to...