18102 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ipmi: Fixed UAF when uninstalling the ipmisi and ipmimsghandler modules Hi, During testing the installation and uninstallation of the ipmisi.ko and ipmimsghandler.ko modules, the system crashed. The log contains the following...
Astra Linux – Vulnerability in glibc
A flaw was discovered in glibc. A “off-by-one” buffer overflow and underflow in the getcwd function may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and the size passed to getcwd in a setuid program could exploit this flaw t...
Astra Linux – Vulnerability in wavpack
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is: ParseWave64HeaderConfig wave64.c:211. The attack vector is a maliciously crafted .wav file. The fixed version is: Afte...
Astra Linux – Vulnerability in wavpack
WavPack 5.1.0 and earlier is affected by: CWE-457: Use of Uninitialized Variables. The impact includes unexpected control flow, crashes, and segfaults. The affected component is ParseCaffHeaderConfig caff.c:486. The attack vector is a maliciously crafted .wav file. The fixed version is after the...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: Power: Supply: bq27xxx: Fixed handling of pollinterval and races during removal operations. Before this patch, the bq27xxxbatteryteardown function set pollinterval to 0 to avoid requeuing the delayedwork item during...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: Fixed a potential deadlock in blkiarangesysfsshow When reading a sysfs attribute, the attribute is already protected against removal due to the active reference counter of the kobject node. As a result, in...
Astra Linux – Vulnerability in Zabbix
The vulnerability is caused by an improper check to ensure that RDLENGTH does not overflow the buffer in response from the DNS server...
Astra Linux – Vulnerability in openjdk-11
Vulnerability in the Oracle Java SE and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Concurrency. The supported versions affected by this vulnerability are Oracle Java SE: 8u411, 8u411-perf, 11.0.23; Oracle GraalVM Enterprise Edition: 20.3.14 and 21.3.10. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mctp: Fixed an error handling path in mctpinit. If mctpneighinit returns an error, the route resources should be released during the error handling path. Otherwise, some resources may be leaked...
Astra Linux – Vulnerability in bluez
The bluetoothd function from the bluez library incorrectly preserves the discoverable status of adapters when a device is powered down, and restores that status when the device is powered on again. If a device is in the discoverable state while powered down, it will remain discoverable when the...
Astra Linux – Vulnerability in Linux, Linux 5.10
A race condition was identified in the Linux kernel’s perfeventopen function, which can be exploited by an unprivileged user to gain root privileges. This bug allows for the exploitation of several attack primitives, such as kernel address information leakage and arbitrary execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ath10k: Skip ath10khalt during suspend for the driver state RESTARTING. A double-free crash occurs when FW recovery caused by wmi timeout/crash is followed by an immediate suspend event. FW recovery is triggered by...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed a bo leak in intelfbboframebufferinit. Added a unreference of “bo” in the error path to prevent the leakage of a “bo” reference. Return 0 on success to clarify the success path. Cherry-picked from commit...
Astra Linux – Vulnerability in open-vm-tools
VMware Tools 12.0.0, 11.x.y, and 10.x.y contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the guest OS can escalate privileges as a root user in the virtual machine...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Counter: rz-mtu3-cnt: Do not use the dev member of the struct rzmtu3channel. The counter driver can use HW channels 1 and 2, while the PWM driver can use HW channels 0, 1, 2, 3, 4, 6, 7. The dev member is assigned both by the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue of using the wrong skb when comparing the queued RESP challenge serial number has been fixed. In rxrpcpostresponse, the code should compare the challenge serial number from the cached response before deciding to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: added a sanity check on the previous kernel’s ima kexec buffer. When the second-stage kernel is booted via kexec with a limiting command line such as “mem=”, the physical range that contains the carried over IMA...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net.manap: Null servicewq on setup error to prevent double destruction. In the managdsetup error path, servicewq is set to NULL after destroyworkqueue, to match the cleanup in managdcleanup. This prevents a use-after-free if the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fixed a race condition during IPSec ESN update. In IPSec full offload mode, the device reports an ESN Extended Sequence Number wrap event to the driver. The driver validates this event by querying the IPSec ASO and...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fixed an overflow issue when dealing with long HMAC keys. When a key that is longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be...
Astra Linux – Vulnerability in libstb
In Libsixel, prior to and including v1.10.3, a NULL pointer dereferencing in the stbimage.h component of libsixel allows attackers to cause a denial of service DOS through a crafted PICT file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: X.509: Fixed out-of-bounds access during the parsing of extensions Leo reports a situation where out-of-bounds access occurs during the parsing of a certificate with empty Basic Constraints or Key Usage extensions. This occurs...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been addressed through improved checks. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Do not overwrite the KMS surface dirty tracker. We were overwriting the surface’s dirty tracker, which caused a memory leak...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in WebKit2GTK
This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, and watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd – Fix for leaking event log memory During the device removal process, the device is reset, causing the configuration registers to return to their default state, which is zero. Since the driver checks whether the...
Astra Linux – Vulnerability in Firefox and Thunderbird
JIT compilation errors in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 146, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux – Vulnerability in Chromium
The poor implementation of the Loader component in Google Chrome before version 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k: hifusb: fixed a memory leak of urbs in ath9khifusbdealloctxurbs. Syzkaller reported a well-known leak of urbs in ath9khifusbdealloctxurbs. The cause of the leak is that usbgeturb is called, but usbfreeurb or usbputur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fixed an oops in xegemfault when running the corehotunplug test. An oops occurred in xegemfault when running the xe-fast-feedback testlist against the realtime kernel without debug options enabled. The panic occurs after...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: amba: bus – fix refcount leak The commit 5de1540b7bc4 from drivers/amba: create devices from device tree increases the refcount of ofnode, but does not release it in ambadevicerelease. This results in a refcount leak. By using...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hfs: Ensure that sb-sfsinfo is always cleaned up. When hfs was converted to the new mount API, a bug was introduced by changing the allocation pattern of sb-sfsinfo. If setupbdevsuper fails after a new superblock has been allocat...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: smb: client: The split caching of bitfields in cachedfid was introduced to avoid race conditions involving shared-byte registers. The functions isopen, haslease, and onlist are stored in the same bitfield byte within the struc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Use rawsmpprocessorid instead of smpprocessorid. The following call trace was observed: localhost kernel: nvme nvme0: NVME-FC0: controller connect complete localhost kernel: BUG: Using smpprocessorid in preemptible...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use-after-free out of bounds. When we run syzkaller, we encounter an Out of Bounds error. “KASAN: slab-out-of-bounds Read in regcacheflatread.” The issue’s backtrace is as follows: BUG: KASAN:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpulatencyqosadd/remove/updaterequest interfaces lack internal synchronization by design, requiring the caller to ensure thread safety. The current...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: In loopsetstatusfrominfo, the checks for lo-looffset and lo-losizelimit should be performed before reassigning them. This is because if an overflow error occurs, the original correct value will be changed to the wrong value, and ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Use spinlockirqsave in adjustinuseandcalccost. The adjustinuseandcalccost function uses spinlockirq, and IRQ will be enabled when unlocking. A DEADLOCK may occur if other locks are held and IRQs are disabled before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: The label should be released when replacing an existing ct entry. The cited “commit” does not release the label mapping when replacing an existing ct entry, leading to the following memory leak report: Unreferenced...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iommufd: Fixed the issue where pages were unpinned when an access was present. syzkaller discovered that the calculation of batchlastindex should use ‘startindex’, because when this function is called, the batch is either empt...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slaveconfig The issue involved a corrupted slaveconfig function that incorrectly compared peripheralsize with the size of the config pointer, rather than the size of the config...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fixed a null pointer dereference in blkmqclearrqmapping. Our syzkaller report identified a null pointer dereference. The root cause is as follows: - blkmqallocmapandrqs: set-tagshctxidx = blkmqallocmapandrqs. -...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: The use of a spinlock for the context list protection lock was corrected. Previously, a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validated the box size for the snooped cursor. Invalid user-space DMA surface copies could potentially cause an overflow when copying data from the surface to the snooped image, leading to crashes. To address this...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing the lifetime of the sysfs interface The current nilfs2 sysfs support has issues with the timing of the creation and deletion of sysfs entries. This may lead to null pointer dereferences, use-after-free errors, a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vimc: Fixed an incorrect function call when vimcinit fails. In vimcinit, when platformdriverregister&vimcpdrv fails, the function platformdriverunregister&vimcpdrv is called incorrectly instead of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS – Fixed a memory leak in the hwspoolbuddyinit error path. In the error path of hwspoolbuddyinit, the buddy allocator cleanup does not free the allocator structure itself, resulting in a memory leak. Added the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Added a null pointer check for dpuencoderneedsmodeset. The drmatomicgetnewconnectorstate function may return NULL if the connector is not part of the atomic state. A check was added to prevent a NULL pointer...