18102 matches found
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: memstick/msblock: A memory leak has been fixed. The erasedblocksbitmap is never freed. Since it is allocated at the same time as usedblocksbitmap, it is likely that it should also be freed at the same time. Add the correspondi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Staging: fbtft: Core: Set smemlen before calling fbdeferredioinit. The fbtftframebufferalloc function calls fbdeferredioinit before initializing info-fix.smemlen. This value is set to zero by the framebufferalloc function. This...
Astra Linux – Vulnerability in Firefox and Thunderbird
A background script that invokes requestFullscreen and then blocks the main thread could cause the browser to enter fullscreen mode indefinitely, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102....
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the ffhevcputhevcqpelh2v1sse function in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a crafted video file...
Astra Linux – Vulnerability in Zabbix
A authenticated user can create a link containing reflected JavaScript code for the graphs page and send it to other users. The payload can only be executed with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Astra Linux – Vulnerability in xorg-server
A vulnerability was discovered in X.Org. This security flaw occurs because the swap handler for the XTestFakeInput request of the XTest extension may corrupt the stack if GenericEvents with lengths greater than 32 bytes are sent through the XTestFakeInput request. This issue can lead to local...
Astra Linux – Vulnerability in Ruby-Rack
There is a DoS vulnerability in Rack versions v3.0.4.2, v2.2.6.3, v2.1.4.3, and v2.0.9.3, particularly in the Multipart MIME parsing code. This vulnerability could allow an attacker to craft requests that can be abused to cause the multipart parsing to take longer than expected...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sysctl: Data race issues in procdouintvecminmax have been fixed. A sysctl variable is accessed concurrently, and there is always a risk of data races. Therefore, both readers and writers require some basic protection to avoid dat...
Astra Linux – Vulnerability in libxstream-java
XStream is a simple library for serializing objects to XML and back again. In affected versions, this vulnerability may allow a remote attacker to allocate 100% of the CPU resources on the target system, depending on the type of CPU or through parallel execution of such a payload. This results in...
Astra Linux – Vulnerability in Heimdal, Samba
Before version 7.7.1, Heimdal allowed remote attackers to execute arbitrary code due to an invalid free operation in the ASN.1 codec used by the Key Distribution Center KDC...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger an...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...
Astra Linux – Vulnerability in CGal
There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could result in code execution. An attacker can provide malicious input to trigger...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Do not use freedevicenode in graphutilParsedai. The commit 419d1918105e states that “ASoC: simple-card-utils: Use freedevicenode for devicenode”. However, freedevicenode should be kept used for dlc-ofnode...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/core: Page allocation is disabled in tasktickmmcid. With KASAN and PREEMPTRT enabled, calling taskworkadd within tasktickmmcid may cause the following crash. 63.696416 BUG: A sleeping function is called from an invalid...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: fixed the double-free in rvunpcfreemem. Clang static checker scan-build warning: drivers/net/ethernet/marvell/octeontx2/af/rvunpc.c, line 2184, column 2: Attempt to free released memory. The function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid using GFPKERNEL in an atomic context. Using GFPKERNEL in a preemption-disabled context may cause the following warning when CONFIGDEBUGATOMICSLEEP is enabled. 32.542271 BUG: A sleeping function was called from...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an out-of-band issue in ntfslistxattr. The length of a name cannot exceed the space occupied by “ea”...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - Media: MediTech: vcodec: Added a lock to protect the ctxlist variable, to prevent access to a NULL pointer within the vpudecipihandler function when the ctxlist has been deleted due to an unexpected behavior on the SCP IP...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: ofproperty: Return error for intmap allocation failure The “-ENOMEM” return value occurs when kcalloc fails to prevent a NULL pointer dereferencing in this case. bhelgaas: commit log...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Added a NULL check for ‘replay’ in ‘edpsetreplayallowactive’. In the first if statement, we are checking whether ‘replay’ is NULL. However, in the second if statement, we do not check whether ‘replay’ is NULL aga...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: RDMA/hns: Fixed a NULL pointer issue in freemrinit. A lock grab occurs in a concurrent scenario, resulting in dereferencing a NULL pointer. This issue should be addressed by calling initmutexinit before using the lock. Unable ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an out-of-bounds access in rpage. When PAGESIZE is 64K, if logreadrst calls readlogpage for the first time, the size of buffer will be equal to DefaultLogPageSize4K. However, for buffer operations like memcpy, if...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: The netlink notifier might race to release objects. The commit release path is invoked via callrcu, and it runs without locking to release the objects after the rcu grace period. The netlink notifier handler...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: Do not count unused/invalid keys for flow release. We are currently encountering the WARNON message in mctpi2cflowrelease: c if midev-releasecount midev-i2clockcount WARNONCE1, "Release count overflow"; This issue may...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Input: gpio-keys – cancels delayed work only in case of GPIO. The gpiokeys module can accept gpios or interrupts. The module initializes delayed work only in case of gpios and is only used if the debounce timer is not used...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: libbpf: Handling of size overflow for ringbuf mmap The maximum size of a ringbuf on an x86-64 host is 2GB. Therefore, 2 maxentries will cause an overflow of type u32 when mapping producer pages and data pages. Simply casting...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/entry: Clear X86FEATURESMAP when CONFIGX86SMAP=n Commit: 3c73b81a9164 “x86/entry, selftests: Further improve user entry sanity checks” added a warning if AC is set when in the kernel. Commit: 662a0221893a3d “x86/entry: Fix...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clearing DMA operations when switching domains Since the commit 08a27c1c3ecf “iommu: Adding support for changing the default domain of an iommu group”, a user can switch a device between IOMMU and direct DMA through...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: powerpc/kasan: Fixed an issue where the early region was not updated correctly. The shadow’s page table is not updated when PTERPNSHIFT is 24 and PAGESHIFT is 12. This not only causes false positives but also false negatives, ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: mt76: mt7915: fixed NULL pointer dereferencing in mt7915getphymode Fixed the NULL pointer dereferencing in mt7915getPHYmode routine by adding an IBSS interface to the mt7915 driver. 101.137097 wlan0: Triggered a new scan to fi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: Fixed the leak in the waitfence submitqueue operation. We were not releasing the reference to submitqueue in all paths. In particular, this was not done when the fence had already been signaled. We have created a help...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devmregmapinitencx24j600 devmregmapinit may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing register: general protection...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bondrrgenslaveid Fix a NULL dereference of the struct bonding.rrtxcounter member because if a bond is initially created with an initial mode != zero Round Robin the memory required for the counter is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rcu-tasks: Fixed a race condition in the schedule function and the flush work operation. When booting secondary CPUs, cpusreadlock/unlock does not keep the online cpumask stable. This temporary change in the online mask result...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: macsec: Fixed the offload support for the NETDEVUNREGISTER event. The current macsec netdev notify handler handles the NETDEVUNREGISTER event by releasing relevant software resources only. This can lead to resource leaks in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Fixed error handling in mt8195mt6359rt1019rt5682devprobe. The devicenode pointer is returned by ofparsephandle, with the refcount incremented. We should use ofnodeput on it after the function is completed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fixed a possible memory leak in the mt7915mcuaddsta routine. The allocated skb was freed in the mt7915mcuaddsta routine in case of failures...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: net: tipc: fixed a possible refcount leak in tipcskcreate Free sk in case tipcskinsert fails...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ath11k: mhi: use mhisyncpowerup If amss.bin is missing, ath11k will crash during the ‘rmmod ath11kpci’ command. The reason for this is that we were using mhipowerup, which does not check for any errors. However, mhisyncpowerup do...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32usbphycpllenable This error path needs to decrement “usbphyc-npllcons.counter” before returning...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fixed potential Spectre v1 gadget It appears that nr could be a Spectre v1 gadget, as it is provided by a user and used as an array index. This issue prevents the contents of kernel memory from being leaked to use...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix cryptofreeacomp deadlock in zswapcpucompdead Currently, zswapcpucompdead calls cryptofreeacomp while holding the per-CPU acompctx mutex. cryptofreeacomp then holds the scomplock through cryptoexitscompopsasync. On...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tty: xilinxuartps: split sysrq handling The lockdep tool detected the following circular locking dependencies: CPU 0 | CPU 1 ============= | ============== cdnsuartisr | printk uartportlockport | consolelock cdnsuartconsolewrite ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: wifi: rtw89: avoid initiating the mgntentry list twice when WoWLAN fails If WoWLAN fails during the resume process, the rtw89opsaddinterface function is triggered without first removing the interface. As a result, the mgntentr...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/meson: encoderhdmi: Fixed a reference count leak in mesonencoderhdmiinit. In the function ofgraphgetremotenode, the remote device nodepointer is returned with a incremented reference count. We should use ofnodeput on it after...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btnxpuart: Fixed a null pointer dereference in the btnxpuartflush function. A check was added before freeing the rx-skb in the flush and close functions to handle kernel crashes that occur when removing the driver...
Astra Linux - уязвимость в u-boot
The U-Boot 2022.01 has a Buffer Overflow issue...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Do not skip resource freeing if pmruntimeresumeandget fails. Returning an error code from .remove causes the driver core to emit a rather useless error message: remove callback returned a non-zero value. This...
Astra Linux – Vulnerability in ktexteditor, Kate
The LSP Language Server Protocol plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 attempts to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will attempt to run the LSP server binary in the directory of the...