18102 matches found
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevents dereferencing of a NULL pointer if ATIF is not supported. acpievaluateobject may return AENOTFOUND failure, which would result in dereferencing buffer.pointer obj when buffer.pointer is NULL. Although this...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Consider the NULL character when validating the event length. strlen returns the length of a string excluding the null byte. If the string length equals the maximum buffer length, there will be no space left in the buffe...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fixed the uninit-value access to newea in eabuffer syzbot reports that lzo1x1docompress uses uninit-value: ===================================================== BUG: KMSAN: Uninit-value in lzo1x1docompress+0x19f9/0x2510,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm – injects an error before stopping the queue. The master OOO cannot be completely closed when the accelerator core reports a memory error. Therefore, the driver needs to inject the qm error to close the maste...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Added bounds checking to ocfs2xattrfindentry. A paranoia check was also added to ensure that the function does not stray beyond the valid memory region containing ocfs2 xattr entries during the search for matches. This wil...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fixed the out-of-bounds read warning. Using index i-1U may exceed the element index for mcdata when i=0...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxrproc: Skip over the memory region when the node value is NULL In the imxrprocaddrinit function, the line “nph = ofcountphandlewithargs” simply counts the number of phandles. However, the phandles may be empty...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: flowdissector: Use DEBUGNETWARNONONCE. The following issue is easy to reproduce both upstream and in the -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 “net: add and use skbgethashsymmetricnet"...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a segmentation issue when upgrading gsosize. The skb was linearized during the upgrade of gsosize, as this might trigger a BUGON function later on, as described in 1,2...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Check the index msgid before reading or writing. WHAT msgid is used as an array index, and it cannot be a negative value. Therefore, it cannot be equal to MODHDCPMESSAGEIDINVALID -1. HOW Check whether msgid is...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: net/sched: Fixed a UAF issue when resolving a clash. KASAN reports the following UAF issues: - BUG: KASAN: A slab-use-after-free issue in tcfctflowtableprocessconn+0x12b/0x380 actct. A size 1 read at address ffff888c07603600 w...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: ipv6: prevented possible NULL dereference in rt6probe syzbot detected a NULL dereference in rt6probe 1 Escape if in6devget returns NULL. 1 Oops: general protection fault, likely due to an invalid address 0xdffffc00000000cb: 00...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160copyvideo The subtraction in this condition is reversed. -length represents the length of the buffer, while -bytesused indicates the number of bytes that have been copied so far. When...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: nfc: nci: Fixed an uninit-value issue in ncirxwork. syzbot reported the following uninit-value access issue 1. ncirxwork parses the received packet from ndev-rxq. It is necessary to validate the header size, payload size, and...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: FireWire: OHCI: Masking of bus reset interrupts between ISR and the bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt occurs, the interrupts related to bus reset are masked until busresetwork processes...
Astra Linux – Vulnerability in python-setuptools
A vulnerability exists in the packageindex module of pypa/setuptools versions up to 69.1.1, allowing for remote code execution through its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are vulnerable t...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow The sanitizer reports the following issues: 62.982337 ------------ cut here ------------ 62.985692 cgroup:...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: fixed the race condition in dstnegativeadvice The dstnegativeadvice function does not enforce proper RCU rules when sk-dstcache must be cleared, leading to a potential Use-After-Free error UAF. RCU rules state that we must...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Thermal: The race that occurs during the removal of the thermal zone during resume can be avoided. Since thermalzonepmComplete and thermalzonedeviceresume reinitialize the delayed work of pollqueue for the given thermal zone,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 Fixed a stack overflow issue in the debugfs read operation. The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments being passed to bin2hex. Currently, the functi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Makes kvmgetvcuByCPUid more robust The kvmgetvcuByCPUid function takes a cpuid parameter of type int; therefore, the cpuid value can be negative. To make this function more robust, let kvmgetvcuByCPUid return NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Handle wraparound when searching for blocks for indirectly mapped blocks The commit 4865c768b563 states that “ext4: Always allocate blocks only from groups that inode can use” restricts the blocks that will be allocated for...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Handle the deactivation of DBCs when the owner leaves. When a DBC is released, the device sends a QAICTRANSDEACTIVATEFROMDEV transaction to the host via the QAICCONTROL MHI channel. QAIC handles this by calling...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30i2c: fix the buffer size in sps30i2creadmeas The value of sizeofnum is evaluated as sizeofsizet 8 bytes on 64-bit systems, instead of the intended be32 element size 4 bytes. Use sizeofmeas to correctly match t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: futex: It is required that sysfutexrequeue has identical flags. Nicholas reported that his LLM found it possible to create a UaF when sysfutexrequeue is used with different flags. The initial motivation for allowing different fla...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: caam – fix DMA corruption on long hmac keys When a key longer than the block size is provided, it is copied and then hashed into the actual key. The memory allocated for the copy needs to be rounded to the DMA cache...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: xfs: Do not perform irele after failing to perform iget in xfsattrirecoverwork. xlogrecoveryiget never sets @ip to a valid pointer if it returns an error; therefore, this irele will cause a dangling pointer. This issue has bee...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Audit: Added missing syscalls to the read class. The “at” variant of getxattr and listxattr are missing from the audit read class. Calling getxattrat or listxattrat on a file to read its extended attributes will bypass audit rule...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Fixed the handling of the “quote” buffer length controlled by the host. The host-controlled value quotebuf-outlen is validated to determine how many bytes of the quote are copied to the guest userspace. In TDX...
Astra Linux – Vulnerability in Python 3.11
If the value passed to os.path.expandvars is controlled by the user, there is a possibility of performance degradation when expanding environment variables...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: A stack-out-of-bounds write occurred in devmap. The function getupperifindexes iterates over all upper devices and writes their indices into an array without checking bounds. Additionally, the calling functions assume that t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed a UAF issue in bpftrampolinelinkcgroupshim The root cause of this bug is that when ‘bpflinkput’ reduces the refcount of ‘shimlink-link.link’ to zero, the resource is considered released, but may still be referenced via...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: When a multichannel SMB2SESSIONSETUP request with SMB2SESSIONREQFLAGBINDING fails, ksmbd sets conn-binding = true, but never clears this value during the error path. As a result, the connection remains in a binding state,...
Astra Linux – Vulnerability in Mariadb 10.3
MariaDB Server versions 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11 before 10.11.7, 11.0 before 11.0.5, and 11.1 before 11.1.4 have an issue where the fixfieldsifneeded function under mysqlderivedprepare is called when the derived table is not yet prepared,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed undefined behavior in the interpreter’s sdiv/smod operations for INTMIN. The BPF interpreter’s signed 32-bit division and modulo operations use the kernel’s abs macro for s32 operands. The documentation for the abs mac...
Astra Linux – Vulnerability in Redis
Redis is an open-source, in-memory database that persists data on disk. Versions 8.2.1 and earlier allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, triggering a use-after-free and potentially leading to remote code execution. This issue exists...
Astra Linux – Vulnerability in libxmltok
In the libexpat library in ExPat versions before 2.2.7, XML inputs containing XML names with a large number of colons could cause the XML parser to consume a high amount of RAM and CPU resources during processing. This behavior could potentially be exploited in denial-of-service attacks...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation when parsing a UDP packet, due to an underflow of the netprocessreceivedpacket integer during the udppackethandler call...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is an unbounded memcpy operation with a failed length check at nfsreadreply, when calling storeblock in the NFSv3 case...
Astra Linux - уязвимость в u-boot
In Das U-Boot through 2022.07-rc5, an integer signedness error and resulting stack-based buffer overflow occur in the “i2c md” command, which allows for the corruption of the return address pointer of the doi2cmd function...
Astra Linux - уязвимость в u-boot
A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfsumountallreply...
Astra Linux – Vulnerability in libssh
A vulnerability was discovered in libssh, where an uninitialized variable exists under certain conditions within the privatekeyfromfile function. This flaw can be exploited if the file specified by the filename does not exist, and it may lead to potential signing failures or heap corruption...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: A bug in the ocfs2findvictimchain function was fixed. The syzbot reported a kernel bug in ocfs2findvictimchain. This bug occurs because the clnextfreerec field of the allocation chain list the next free slot in the chain...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Added idatasem protection in ext4destroyInlinedatanolock Fixed a race condition between inline data destruction and block mapping. The function ext4destroyInlinedatanolock changes the inode data layout by clearing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Therefore, dereferencing req-iv after its return is invalid...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: MOST: Fix for double-free operations during late probe failures. The MOST subsystem includes a non-standard registration function that releases the interface when registration failures occur or when deregistration is required. Th...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchRules, if imafilterruleMatch returns -ENOENT due to the rule being NULL, the function incorrectly skips the if !rc check and sets result = true. The LSM rule is...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauthgss: Avoid NULL dereferencing on a zero-length gsstoken in gssreadproxyverf A zero-length gsstoken results in pageaddress being == 0, and intoken-pages0 being NULL. The code pageaddressintoken-pages0, which can lea...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/gvt: fixed the issue where gvt debugfs destruction occurred unexpectedly. When gvt debugfs is destroyed, it is necessary to perform a check to ensure that the DRM minor’s debugfs root is still available. Otherwise, in...