18102 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix buffer overflow in sja1105setupdevlinkregions If an error occurs in dsadevlinkregioncreate, then the array ‘priv-regions’ will be accessed using a negative index -1. This issue was identified by the Linux...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ca8210: Fix for negative array access to maclen This patch addresses a buffer overflow issue where skb-data is accessed if ieee802154hdrpeekaddrs fails...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fixed the potential double-free of the bit17 bitmask. A userspace environment where multiple threads compete to set the tiling to I915TILINGNONE could lead to a double-free of the bit17 bitmask. Or, conversely, memory...
Astra Linux – Vulnerability in Firefox and Thunderbird
On arm64, WASM code might result in incorrect assembly generation, leading to a register allocation issue and potentially a exploitable crash. This vulnerability affects Thunderbird 91.10, Firefox 101, and Firefox ESR 91.10...
Astra Linux – Vulnerability in Firefox and Thunderbird
Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free condition, potentially causing a crash that can be exploited. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: refactoring the malicious adv data check The issue of out-of-bound reads was detected at the end of the while loop involving the numreports loop. This could lead to false positives being recorded in the journal. A...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL. By using an UPDATE...RETURNING command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is data confidentiality...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL versions prior to 13.3, before 12.7, before 11.12, before 10.17, and before 9.6.22. When modifying certain SQL array values, missing bounds checks allow authenticated database users to write arbitrary bytes into a wide range of server memory. The greatest threa...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the Linux kernel, where a use-after-free condition could occur in nouveau’s postclose handler if a device is removed. This situation occurs when removing a device—a process that isn’t common for physically removing a video card without shutting down the system...
Astra Linux – Vulnerability in avahi
The avahi-daemon-check-dns.sh script within the Debian avahi package, as of version 0.8-4, is executed as the root user via /etc/network/if-up.d/avahi-daemon. This script allows a local attacker to cause a denial of service or create arbitrary empty files through a symlink attack on files located...
Astra Linux – Vulnerability in Chromium
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Astra Linux – Vulnerability in Chromium
In Google Chrome versions prior to 88.0.4324.96, uninitialized usage in USB devices allowed a local attacker to potentially perform out-of-bound memory access through a USB device...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in the File System API of Google Chrome prior to version 88.0.4324.96 allowed a remote attacker to bypass filesystem restrictions through a crafted HTML page...
Astra Linux – Vulnerability in libraw
In LibRaw, there is an out-of-bounds write vulnerability within the "newnode" function libraw\src\x3f\x3futilspatched.cpp that can be triggered via a crafted X3F file...
Astra Linux – Vulnerability in Ansible
A flaw in log handling was discovered in Ansible when using the uri module, which exposes sensitive data to content and json output. This flaw allows attackers to access logs or outputs of executed tasks, thereby enabling them to read keys used in playbooks from other users within the uri module...
Astra Linux – Vulnerability in htmldoc
HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hdstrlcpy function in string.c when called from rendercontents in ps-pdf.cxx via a crafted HTML document...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved checks. This issue is fixed in Safari 18.6 and macOS Sequoia 15.6. The origin of a download may be incorrectly associated...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix OOB Read in qrtrendpointpost Syzbot reported a slab-out-of-bounds Read in qrtrendpointpost. The problem was with the wrong sizetype: if len != ALIGNsize, 4 + hdrlen goto err; If the size from qrtrhdr is 4294967293...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serialcs: Fixed a memory leak in the error handling path. In the probe function, if the serialconfig function fails, data from info is leaking. A resource handling path should be added to free up this memory...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: mtu3: Fix for the listhead check warning caused by uninitialization of listhead. This issue is due to the lack of initialization of listhead. BUG: KASAN: Use-after-free in listdelentryvalid+0x34/0xe4. Call trace:...
Astra Linux – Vulnerability in Firefox
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox versions earlier than 95...
Astra Linux – Vulnerability in PostgresSQL 11
A flaw was discovered in PostgreSQL. By using an INSERT...ON CONFLICT...DO UPDATE command on a specially crafted table, an authenticated database user could read arbitrary bytes of server memory. The most significant threat of this vulnerability is to data confidentiality...
Astra Linux – Vulnerability in libvirt
A issue was discovered in qemuDomainGetStatsIOThread in qemu/qemudriver.c within libvirt version 4.10.0 through 6.x, prior to 6.1.0. A memory leak was identified in the virDomainListGetStats libvirt API, which is responsible for retrieving domain statistics when managing QEMU guests. This flaw...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Immediately reset the MMU context when the SMM flag is cleared The MMU context must be reset immediately when the SMM flag of the vCPU is cleared, so that the SMM flag in the MMU context is always synchronized with the...
Astra Linux – Vulnerability in klibc
A issue was discovered in klibc before version 2.0.9. Additions in the malloc function may lead to an integer overflow, followed by a heap buffer overflow...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: perf/armdmc620: Fixed the hotplug callback leak in dmc620pmuinit. The dmc620pmuinit function does not remove the callback added by cpuhpsetupstatemulti when platformdriverregister fails. Remove the callback by calling...
Astra Linux – Vulnerability in snakeyaml
The Alias feature in SnakeYAML before version 1.26 allowed entity expansion during a load operation, which is a related issue to CVE-2003-1564...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: think-lmi: A memory leak was fixed when displaying current settings. When retrieving an item string using tlmisetting, the memory allocated for the string must be freed using kfree. However, in the currentvalueshow...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fixed a kernel panic that occurred when removing a non-standard SDIO card. The SDIO tuple is only allocated for standard SDIO cards. Non-standard SDIO cards can cause memory corruption issues when they are removed. Thi...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: fix UAF in hugetlbhandleuserfault The vmalock and hugetlbfaultmutex are removed before handling userfault, and reacquired again after handleuserfault. However, reacquiring the vmalock could lead to a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: hfs/hfsplus: Avoid using WARNON for sanity checks; instead, use proper error handling. The commit 55d1cbbbb29e “hfs/hfsplus: Use WARNON for sanity checks” fixed a build warning by converting a comment into a WARNON call...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed deadlock during the flushing of management frames The commit 1 converted the management transmission work item into a wiphy work item. Since a wiphy work item can only run under wiphy lock protection, a race...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iouring/net: Do not allow overflowing multishot recv. Do not allow overflowing multishot recv CQs; this could lead to unexpected behavior, degrade performance, and in the worst-case scenario, cause the task to terminate due to...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Avoid having an active sctimer before freeing the sci. Since the kthreadstop function did not properly stop the sctask, and returned -EINTR, the sctimer was not properly shut down. This ultimately led to the issue reporte...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: “ice”: corrected the incorrect fallback logic for FDIR. When adding a FDIR filter, if icevcfdirsetirqctx returns an error, the inserted fdir entry will not be removed. Similarly, if icevcfdirwritefltr returns an error, the fdir...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fixed a typographical error in the frequency notification. The NAN notification refers to a frequency of 5745 MHz, which corresponds to channel 149, not 5475—which is not a valid channel at all. This could le...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: A potential memory leak was fixed in hd44780remove. hd44780probe allocates a memory block for hd using kzalloc, and makes “lcd-drvdata-hd44780” point to it. When calling hd44780Remove, we should release all...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fixed a page fault in ivpubounbindallbosfromcontext...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: A bug in markbufferdirty was fixed, as it sometimes generates a warning due to the forced discard of reused buffers. A syzbot stress test using a corrupted disk image revealed that markbufferdirty called from nilfsmark...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Netwerk: Ethernet: mtkethsoc: A possible NULL pointer dereferencing has been fixed in the mtkhwlrogetfdirall function. The rulelocs variable is allocated in the ethtoolgetrxnfc function, and its size is determined by rulecnt from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: hibmcge: fixed the RTNL deadlock issue Currently, the hibmcge netdev acquires the RTNL lock in pcierrorhandlers.resetprepare and releases it in pcierrorhandlers.resetdone. However, in the PCI framework: pciresetbus -...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: zloop: Fixed the KASAN use-after-free of the tagset. When a zloop device is removed, the KASAN-enabled kernel reports a “BUG KASAN use-after-free” in the blkmqfreetagset function. This bug occurs because zloopctlRemove calls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Firmware: csdsp – Fixed out-of-bounds memory read access in KUnit tests. KASAN reported an out-of-bounds access issue with csdspmockbinaddnameorinfo, because the length of the source string was rounded up to the allocation siz...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Fixed an out-of-bounds memory read access in KUnit tests ctlcache. KASAN reported an out-of-bounds access: csdspctlcacheinitmultipleoffsets. The code used mockcoefftemplate.lengthbytes 4 bytes for register value...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/connector: Only call HDMI audio helper pluggedcb if fn is not null. During driver removal, sound/soc/codecs/hdmi-codec.c calls pluggedcb with NULL as the callback function and codecdev. This is evident in the hdmiremove...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mt76: dma: fixed a memory leak that occurred during the mt76dmatxcleanup routine. Fixed the memory leak caused by unregistering devices, and ensured that all configured rx queues are always cleaned up during the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Data related to command failures should only be collected for known commands. DEVX can issue a general command, which is not used by the mlx5 driver. If such a command fails, mlx5 attempts to collect the failure data...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Check IFFUP earlier in the Tx path. The Xsk Tx operation can be triggered via either sendmsg or poll system calls. Both paths involve a call to the common function xskxmit, which contains two sanity checks. Here’s a...