18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: kobject: A sanity check was added for kset-kobj.ktype in ksetregister. When I register a kset in the following manner: c static struct kset mykset; kobjectsetname&mykset.kobj, "mykset"; ret = ksetregister&mykset; A null pointer...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: wilc1000: using vmmtable as an array in the wilc struct. Enabling KASAN and running some iperf tests causes some memory issues related to vmmtable. Bug: KASAN: A slab-out-of-bounds issue exists in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: Check the return value after calling platformgetresource. This issue could lead to a null-ptr-deref in resourcesize if platformgetresource returns NULL. It is recommended to call resourcesize after...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: Do not attempt to NUMA-migrate COW pages that have other uses. Oded Gabbay reported that enabling NUMA balancing causes corruption in his Gaudi accelerator test. He described the situation as follows: “All the details are in...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: nfp: Fixed a memory leak in nfpcppareacacheadd. In line 800 1, nfpcppareaalloc allocates and initializes a CPP area structure. However, in line 807 2, when the cache allocation fails, this CPP area structure is not freed, resulti...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smackfs: Restrict bytes count in smksetcipso Oops, I failed to update the subject line. From 07571157c91b98ce1a4aa70967531e64b78e8346 on Mon, Sep 17, 2001 Date: Mon, 12 Apr 2021 22:25:06 +0900 Subject: PATCH smackfs: Restrict byt...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: xen/netback: Avoid entering xenvifrxnextskb with an empty rx queue. xenvifrxnextskb expects the rx queue not to be empty. However, if the loop in xenvifrxaction performs multiple iterations, the availability of another skb in the...
Astra Linux – Vulnerability in Chromium
Before version 99.0.4844.74, using “After Free” in Google Chrome extensions allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - mm/mempolicy: No longer allows the illegal combination of MPOLFNUMABALANCING and MPOLLOCAL in mbind. - syzbot reported access to uninitialized memory in mbind. The issue arose with the commit bda420b98505 “NUMA balancing:...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: removed two BUG functions from skbchecksumhelp. I have a syzbot report that managed to cause a crash in skbchecksumhelp. If syzbot can trigger these BUGs, it makes sense to replace them with more friendly WARNONONCE function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cxl/port: Hold a reference to the port until the decoder is released. KASAN + DEBUGKOBJECTRELEASE reports a potential use-after-free in cxldecoderrelease. This function references its parent object, a cxlport, to free its id back...
Astra Linux – Vulnerability in Vim
Heap-based Buffer Overflow in the GitHub repository for vim/vim before version 8.2...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fixed the issue with the ib block iterator counter overflow. When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry into smaller, aligned D...
Astra Linux – Vulnerability in xrdp
XRDPT is an open-source remote desktop protocol RDP server. In versions prior to 0.9.23, improper handling of session establishment errors allowed bypassing OS-level session restrictions. The authstartsession function could return a non-zero value 1 in the event of, for example, PAM errors. This...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: pktgen: Avoid out-of-bounds access in getimixentries Passing a sufficient amount of imix entries leads to invalid access to the pktdev-imixentries array due to incorrect boundary checks. UBSAN: Array-index out-of-bounds in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-hdmi: Fixed a reference count leak in imxhdmiprobe. The offinddevicebynode function takes a reference; we should use putdevice to release that reference. When devmkzalloc fails, there is no putdevice function available,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: scsidebug: Fixed the type of mint to avoid stack out-of-bounds situations. Changed mint to use the type “u32” instead of “int” to prevent stack out-of-bounds conditions. When mint uses the “int” type, values are...
Astra Linux – Vulnerability in node-marked
Marked is a markdown parser and compiler. Prior to version 4.0.10, the regular expression block.def might cause catastrophic backtracking against certain strings, leading to a regular expression denial of service ReDoS attack. Any user who runs untrusted markdown using a vulnerable version of...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: Core: Prevent panic during UVC unconfiguration Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget’s configuration. The panic involves a somewhat complex...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed the use of inodes after freeing them in ext4endiorsvwork. In ext4ioenddefercompletion, it was checked whether ioend-listvec was empty to avoid adding an ioend that does not require any conversion to the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Added missing error checks to ctlget The ctlget functions that call scarlett2update did not check the return value. This issue has been fixed by adding error checks and passing the return value to the caller...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/core: Fixed the ETHP1588 flow dissector. When an PTP Ethernet raw frame with a size of more than 256 bytes, followed by a 0xff pattern, is sent to skbflowdissect, the nhoff value calculation is incorrect. For example,...
Astra Linux – Vulnerability in Redis
Redis is an in-memory database that persists data on disk. Redis improperly handles the resizing of memory buffers, which can lead to integer overflows. This can, in turn, cause heap overflows and potentially allow for remote code execution. This issue has been fixed in versions 7.0.15 and 7.2.4...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: ipv4: Fixed a data race around the sysctlfibmultipathuseneigh function. When modifying sysctlfibmultipathuseneigh, it is possible for multiple processes to change it concurrently. Therefore, we need to add READONCE to its read...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in the Settings component of Google Chrome prior to version 95.0.4638.54 allowed a remote attacker to interact with Dev Tools, potentially exploiting heap corruption through a crafted HTML page...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: epoll: Be more careful regarding the lifetime of file pointers. epoll may call vfspoll with a file pointer that may race with the last fput. This could cause fcount to decrease to zero. While the ep-mtx locking mechanism ensur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: The reference count leak in smbcheckpermdacl has been fixed. The issue occurs in a specific part of smbcheckpermdacl. When “id” and “uid” have the same value, the function simply jumps out of the loop without decrementing...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed an inode list leak during backref walking at resolveindirectrefs During backref walking, at resolveindirectrefs, if an error occurs, we jump to the ‘out’ label and call freeleaflist on the ‘parents’ ulist. This frees...
Astra Linux – Vulnerability in Harfbuzz
An integer overflow in the hb-ot-shape-fallback.cc component of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service DoS attack through unspecified vectors...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Tracing: Fixed a sleeping function called from an invalid context in the RT kernel. When setting bootparams="traceevent=initcall:initcallstart tpprintk=1" in the cmdline, the outputprintk function was called, and spinlockirqsave...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip6mr: Fixed skbunderpanic in ip6mrcachereport. skbuff: skbunderpanic: Text: fffffffff88771f69; Len: 56; Put: -4; Head: ffffff88c5f86a800; Data: fffff887f5f86a850; Tail: 0x88; End: 0x2c0; Device: pim6reg. ----------- Cut here...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: Do not enable IRQ from syncprintobj. Since the commit a6aa8fca4d79 “dma-buf/sw-sync: Reduce irqsave/irqrestore from known context”, an error occurred when spinunlockirqrestore was replaced with spinunlockirq for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions. The clcsock callback functions will be saved and replaced during the fallback process. However, if the fallback occurs more than once, the copies of these...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath10k: Added cleanup of the peer map when deleting a peer in ath10kstastate. When peer deletion fails during a disconnection operation, a use-after-free occurs. This was detected by KFENCE in the log. The reason is that fo...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmloop: Fixed a possible name leak in tcmloopsetuphbabus. If deviceregister fails in tcmloopsetuphbabus, the name allocated by devsetname needs to be freed. As commented in deviceregister, it should use putdevice t...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: sched/deadline: Only the freecpus field is set for online runqueues. Commit 16b269436b72 “sched/deadline: Modified cpudl::freecpus to reflect rd-online“” introduced the cpudlset/clearfreecpu functions, allowing the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: PowerPC: Fixed virtaddrvalid for 64-bit Book3E & 32-bit systems. MPE: On 64-bit Book3E, the vmalloc space starts at 0x8000000000000000. Due to the way pa works, pa0x8000000000000000 returns 0. Consequently,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: caif: A memory leak has been fixed in cfctrllinkuprequest. When linktype is unknown, or kzalloc fails in cfctrllinkuprequest, pkt is not released. Add a release process to the error handling logic...
Astra Linux – Vulnerability in opensc
A vulnerability related to the “return issue” was discovered in Opensc before version 0.22.0. This vulnerability exists in the “insertpin” function, and it could potentially cause programs using the library to crash...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: i2c: rtl9300: Fixed an out-of-bounds bug in rtl9300i2csmbusxfer The data-block0 variable comes from the user input. Without proper checks, this variable can become very large, leading to an out-of-bounds error. This bug has be...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A issue was discovered in the Linux kernel before version 6.6.8. The dovccioctl function in net/atm/ioctl.c has a use-after-free issue due to a race condition involving vccrecvmsg...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed a UAF issue in nfqnlnfhookDrop when opsinit fails. When the opsinit function is called to initialize the network, but ops-init fails, data is released. However, the pointer ptr in net-gen becomes invalid. In this...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.22.0, the sdlPointerNew function freed memory upon failure. However, after that function called pointerfree, it would call sdlPointerFree to free the memory again, triggering a Universal Address Fault UAF in ASan...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: atlantic: Fixed the DMA mapping for PTP HWTS rings. The function aqringhwtsrxalloc maps additional AQCFGRXDSDEF bytes for PTP HWTS rings. However, the generic aqringfree function does not take this into account. To fix th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ipvs: fixed an undefined behavior due to uninitialized stack access in ipvsprotocolinit Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator...
Astra Linux – Vulnerability in libstb
STBVorbis is a single-file library licensed under MIT, designed for processing OGG Vorbis files. A properly crafted file may cause a memory allocation failure in the startdecoder function. In such cases, the function returns early; f-commentlist is set to NULL, but f-commentlistlength is not rese...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The quota: flush quotareleasework upon quota writeback issue has been addressed. One of the paths for quota writeback is called from freezesuper, syncfilesystem, ext4syncfs, and dquotwritebackdquots. Since we currently do not...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: binder: a check for offset alignment was added in bindergetobject. Commit 6d98eb95b450 “binder: avoid potential data leakage when copying txn” introduced changes to the way binder objects are copied. As a result, the offset...