18102 matches found
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
A use-after-free vulnerability was discovered in the siano smsusb module within the Linux kernel. The bug occurs during device initialization, when the siano device is plugged in. This flaw allows a local user to crash the system, resulting in a denial-of-service condition...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch – Initialize work before device registration. Syzbot has reported a warning in flushwork. This warning occurs due to work-func == NULL, which indicates that work initialization was missed. This issue can occur...
Astra Linux – Vulnerability in libstb
It was discovered that Nothings stb 2.28 contains a Null Pointer Dereference issue through the stbiconvertformat function. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted PIC file...
Astra Linux – Vulnerability in edk2
Improper configuration in the system firmware for EDK II may allow unauthenticated users to potentially enable privilege escalation, information disclosure, and/or denial of service through local access...
Astra Linux – Vulnerability in Zabbix
A authenticated user can create a link containing XSS payloads for action pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page, and can make arbitrary modifications to the contents of the page displayed to the victim. This attack can be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loops when trying to resize the local TT. If the MTU of one of the attached interfaces becomes too small to transmit the local translation table, then it must be resized to fit within all fragments when...
Astra Linux – Vulnerability in GraphicsMagick
GraphicsMagick version 1.3.35 has a heap-based buffer overflow in the ReadMNGImage function in the coders/png.c file...
Astra Linux – Vulnerability in Ceph
A flaw was discovered in ceph-dashboard. The JSON Web Token JWT used for user authentication is stored by the frontend application in the browser’s localStorage, which is potentially vulnerable to attacks via XSS attacks. The most significant threat of this vulnerability is related to data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: Fix for a potential overflow in amufiesetup. The function cpufreqgetHWmaxfreq returns the maximum frequency in kHz as an unsigned int. However, the function freqinvsetmaxratio receives this frequency in Hz as an...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: fixed an invalid free of JFSIPipimap-iimap in diUnmount. syzbot detected an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Unnecessary releasememregion has been removed. The unnecessary releasememregion was removed from the error path to prevent the memregion from being released twice, which could lead to resource leaks or other...
Astra Linux – Vulnerability in WebKit2GTK
In WebKitGTK before 2.32.4, there is a use-after-free in WebCore::Frame::page, a different vulnerability than CVE-2021-30889...
Astra Linux – Vulnerability in binutils
It has been discovered that GNU Binutils prior to version 2.40 contains a vulnerability involving excessive memory consumption, caused by the loadseparatedebugfiles function in dwarf2.c. An attacker could provide a crafted ELF file and trigger a DNS attack...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fixed a use-after-free in acpiutcopyipackagetoipackage. There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Reading of size 1 at addr ffff888112afc460 by task...
Astra Linux – Vulnerability in docker.io
Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine where attempting to copy files using docker cp into a specially crafted container can result in changes to Unix file permissions for existing files in the host’s...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: A UAF bug was fixed in the error path of the probing process. When the driver fails in sndcardregister during the probing phase, it will free the bcd2k-midiouturb before terminating it, which could lead to a UAF bu...
Astra Linux – Vulnerability in Wireshark
The T.38 dissector crash in Wireshark versions 4.2.0 to 4.0.3, and 4.0.0 to 4.0.13 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in binutils
Heap-based Buffer Overflow in the bfdgetl32 function in Binutils objdump 3.37...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumacltcam: Fixed incorrect use of the list API. Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call listfirstentry on the respective...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fixed a null pointer dereference in btintelreadversion. If hcicmdsyncComplete is triggered and skb is NULL, then hdev-reqskb will also be NULL, which will cause this issue...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: smb: Client: Fixed a potential Use-after-Free UAF in smb2isnetworknamedeleted. Skipped sessions that are being terminated status == SESEXITING to avoid UAF...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Prevent double-free on error. The error handling path in itsvpeirqdomainalloc causes a double-free when itsvpeinit fails after successfully allocating at least one interrupt. This occurs because...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgrlock The smpcallfunction always runs its callback in a hard IRQ context, even when running under PREEMPTRT, where spinlocks may be in a sleeping state. Therefore, we need to use a raw...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: phy: Fix for accessing an empty array when the phygetinternaldelay function is called, provided that the driver calls phygetinternaldelay without defining delayvalues, and rx-internal-delay-ps or tx-internal-delay-ps is set ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Media: edia: dvbdev: fixed a use-after-free issue. In dvbregisterdevice, pdvbdev is set to equal dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev’s deallocation, resulting i...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: nouveau: fixed a race condition related to ptr storage operations. When running many VK CTS tests in parallel against nouveau, every few hours, you might encounter a crash like this. BUG: Kernel NULL pointer dereference, address:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fat: Fixed an uninitialized field in the nostale filehandles. When the fatencodefhnostale function encodes a file handle without a parent handle, it only stores the first 10 bytes of the file handle. However, the length of the fi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: iptunnel: ensure that the inner header is pulled in iptunnelrcv The same fixes were applied in the following issues: 8d975c15c0cd “ip6tunnel: ensure that the inner header is pulled in ip6tnlrcv” 1ca1ba465e55 “geneve: ensu...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “quota”: Fixed the potential NULL pointer dereferencing. The race condition below may cause NULL pointer dereferencing. P1 P2 dquotfreeinode quotaoff dropdquotref removedquotref dquots = idquotinode dquots = idquotinode...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in the .notes section. When building with CONFIGXENPV=y, .text symbols are emitted into the .notes section so that Xen can find the “startupxen” entry point. This information is used before booting...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: sr – fixed possible use-after-free and nullptrderef issues. The pernet operations structure for the subsystem must be registered before registering the generic netlink family...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sc8180x: Mark CO0 BCM as keepalive. The CO0 BCM needs to remain active at all times. Otherwise, some hardware such as the UFS controller will lose its connection to the rest of the SoC, resulting in a system...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a potential bug in endbufferasyncwrite According to a syzbot report, endbufferasyncwrite, which handles the completion of block device writes, may detect abnormal conditions of the asyncwrite flag and cause a BUGON...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reordering cleanup operations to avoid UAF bugs The dreamcastcard-timer could schedule the spudmawork, and the spudmawork could also trigger the dreamcastcard-timer. When the sndpcmsubstream is closing, the...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: TCP: Make sure init calls the spinlocks of the acceptqueue once. When I run the reproduction C program by syz locally, it causes the following issue: pvqspinlock: Lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19;...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A memory read flaw that is outside the safe bounds was discovered in receiveencryptedstandard in fs/smb/client/smb2ops.c, within the SMB Client sub-component of the Linux kernel. This issue arises due to an integer underflow occurring during the memcpy operation’s length calculation, resulting in...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fixed a possible NULL pointer dereferencing in sendacknowledge This issue involves handling memory allocation failures caused by nciskballoc, which calls allocskb. This fix prevents possible NULL pointer dereferences...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nbd: Fixed a UAF Use-after-Allocation in nbdopen. The commit 4af5f2e03013 “nbd: Use blkmqallocdisk and blkcleanupdisk“” addresses the issue where blkcleanupdisk no longer sets disk-privatedata to NULL. A UAF could potentially...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3 – A buffer overflow vulnerability may occur when reading coalesce info via debugfs. The hns3 driver defines an array of strings to store coalesce info. However, if the kernel introduces a new mode or state, a buffer...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: Fix to wait on block writeback in the postread case. If the inode is compressed but not encrypted, the function f2fswaitonblockwriteback was not called properly to wait for the GC-ed page writeback in the IPU write path...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: A null pointer check was added in updateeventsingroup. kasprintf returns a pointer to dynamically allocated memory; this pointer can be NULL in case of failure...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a suspicious RCU usage warning I received the following warning while running cthon on an Ontap server running pNFS: 57.202521 ============================= 57.202522 WARNING: Suspicious RCU usage 57.202523...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/47x: Fixed the crash that occurred during the 47x syscall return. Eddie reported that newer kernels crashed during boot on his 476FSP2 system: - The kernel attempted to execute the user page b7ee2000 – a potential...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Input: powermate – fixed a use-after-free in powermateconfigComplete. Syzbot has identified a use-after-free bug 1 in the powermate driver. This occurs when the device is disconnected, causing memory related to the powermatedevic...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware, we never assign a callback for that function. At the same time, we mount efivarfs as RO so that no one...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: mtd: Fixed a NULL pointer dereferencing issue caused by the ftl notifier. If both ftl.ko and gluebi.ko are loaded, the ftl notifier triggers a NULL pointer dereferencing when attempting to access ‘gluebi-desc’ in gluebiread. In t...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A issue was discovered in the Linux kernel before version 6.6.8. The roseioctl function in net/rose/afrose.c has a use-after-free issue due to a race condition involving roseaccept...
Astra Linux – Vulnerabilities in unbound, bind9, and dnsmasq
Certain aspects of the DNS protocol’s DNSSEC mechanism described in RFC 4033, 4034, 4035, 6840, and related RFCs allow remote attackers to cause a denial of service attack by manipulating one or more DNSSEC responses. This issue is known as the “KeyTrap” problem. One of the concerns is that, when...
Astra Linux – Vulnerability in glibc
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...