18102 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: gpio: loongson-64bit: Fixed an incorrect NULL check after devmkcalloc Fixed an incorrect NULL check in loongsongpioinitirqchip. The function checks chip-parent instead of chip-irq.parents...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: The GPIO controller is set up later in the probe function. The GPIO controller component of the sc16is7xx driver is also set up too early, which can lead to a race condition where another device attempts to...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net/smc: The use of smclgrlist.lock is required to protect the iteration of smclgrlist.list during smcrportadd. During the execution of smcrportadd, there may be operations that add or delete entries from smclgrlist.list at the...
Astra Linux – Vulnerability in exempi
A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: Fixed a regression related to the removal of the procfs host directory. The scsiprochostdirrm function decreases a reference counter; therefore, it should only be called once per host that is removed. This change...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: The pointer to debugfsdir is set to NULL after removing debugfs. If init debugfs fails during device registration due to a memory allocation failure, the function debugfsremoverecursive is called. However, debugfsd...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: “wifi: mac80211: fix memory leak in ieee80211ifadd” This resolution involves committing changes in commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. The function ieee80211iffree is already called from freenetdevndev, because...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: mmc: mmcspi: fixed error handling in mmcspiprobe If mmcaddhost fails, there is no need to call mmcremovehost; otherwise, it may cause a null-ptr-deref issue, due to deleting a device that was not properly added in mmcremovehost. ...
Astra Linux – Vulnerability in ruby-rails-html-sanitizer
Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions starting from 1.0.3 and before 1.4.4 are vulnerable to cross-site scripting through data URIs when used in conjunction with Loofah version 2.1.0 or higher. This issue has been fixed in version 1.4.4...
Astra Linux – Vulnerability in rabbitmq-server
RabbitMQ is a multi-protocol messaging and streaming broker. The HTTP API does not enforce a limit on the size of HTTP request bodies, making it vulnerable to Denial of Service DoS attacks involving very large messages. A verified user with sufficient credentials can publish very large messages...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: net: mctp: It now takes ownership of the skb in mctplocaloutput. Currently, mctplocaloutput only takes ownership of the skb on a successful operation. In some cases where mctplocaloutput fails, we might leak the skb. Ownership of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpi3mr: Fixed the throttlegroups memory leak. Added a missing kfree function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hciconn: Fixed memory leaks When hcicmdsyncqueue fails in hcileterminatebig or hcilebigterminate, the memory pointed to by the variable d is not freed, which can lead to memory leaks. A release mechanism should be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: pinctrl: aspeed: Fixed a potential NULL dereferencing in aspeedpinmuxsetmux. pdesc could potentially be null, but still, dereferencing pdesc-name would lead to a NULL pointer access. Therefore, we moved a null check before the...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: f2fs: The WARNON message was removed from the f2fsisvalidblkaddr function. The Syzbot triggers two WARN messages in f2fsisvalidblkaddr and isbitmapvalid. For example, in f2fsisvalidblkaddr, if the type parameter is...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: dsa: don’t leak tagger-owned storage on switch driver unbind In the initial commit dc452a471dba, we had a issue where a call to tagops-disconnectdst was issued from dsatreefree, which was called during the tree teardown...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: PCI: Fixed the requirement that devices managed by PME polling must be in the RPMACTIVE state. The fix notes that devices managed by runtime PM need to be in the RPMACTIVE state for PME polling. In fact, only devices in low-power...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: hisisas: Freeing irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in freeirq. This will cause a kernel BUG like...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: irqchip/apple-aic: A refcount leak was fixed in aicoficinit. ofgetchildbyname returns a node pointer with a refcount incremented. We should use ofnodeput on it when there is no longer a need for it. Add the missing ofnodeput...
Astra Linux – Vulnerability in libde265
There is an incorrect access control vulnerability in libde265 v1.0.8 due to a SEGV in slice.cc...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dsa: Fixed a panic that occurred when the DSA master device unbinds during shutdown. Rafael reported that on a system with LX2160A and Marvell DSA switches, if a reboot occurs while the DSA master dpaa2-eth is active, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should never dereference a NULL pointer, as drmatomicgetnewbridgestate may return such a pointer. Instead, a fixed format should be used instead...
Astra Linux – Vulnerability in Linux 5.10
A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the number of channels in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file in the WILC1000 wireless driver can lead to a heap-based buffer overflow when copying the list of operating channels from...
Astra Linux – Vulnerability in Firefox and Thunderbird
When accessing directory listings for chrome:// URLs as source text, certain parameters are reflected. This vulnerability affects Firefox ESR 102.1, Firefox ESR 91.12, Firefox 103, Thunderbird 102.1, and Thunderbird 91.12...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host – Added an alignment check for the event ring read pointer. Although we check the event ring read pointer using “isvalidringptr” to ensure it is within the buffer range, there is another risk that the pointer might...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ixgbevf: Fixed a resource leak in ixgbevfinitmodule. ixgbevfinitmodule no longer destroys the workqueue created by createsinglethreadworkqueue when pciregisterdriver fails. Added destroyworkqueue in the failure path to prevent...
Astra Linux – Vulnerability in the 389-DS-base
When binding against a DN during authentication, the response from 389-ds-base will differ depending on whether the DN exists or not. This can be exploited by an unauthenticated attacker to check the existence of an entry in the LDAP database...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Nouveau/UVMM: Fixed calculations of addresses/ranges for remap operations. The issue with dEQP-VK.sparseresources.imagerebind.2darray.r64i.1281288 was causing a remap operation like the one below: opremap: prev: 0000003fffed00...
Astra Linux – Vulnerability in Linux 5.10, Linux
A NULL pointer dereference flaw was discovered in the az6027 driver, located in the file drivers/media/usb/dev-usb/az6027.c within the Linux Kernel. The message from the user space is not properly checked before being transferred to the device. This flaw could allow a local user to crash the syst...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerabilities have been resolved: ipvs: fixed an error in ipvscleanupbatch. During the initialization of ipvsconnnetinit, if the files ipvsconn or ipvsconnsync fail to be created, the initialization is successful by default. Therefore, the ipvsconn or...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: mISDN: fixed an issue involving misuse of putdevice in mISDNregisterdevice. We should not release references to putdevice before calling deviceinitialize...
Astra Linux – Vulnerability in Golang-1.15
In Go, encoding/xml in versions prior to 1.15.9 and 1.16.x prior to 1.16.1 can lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fixed the issue where the connection was used after freeing it during resets. If we haven’t performed a unbindtarget call, we can encounter a race condition where iscsiconnteardown wakes up the EH thread, and then...
Astra Linux – Vulnerability in Samba
A flaw was discovered in the way samba handled file and directory permissions. A authenticated user could exploit this flaw to gain access to certain file and directory information that would otherwise be unavailable to the attacker...
Astra Linux – Vulnerability in SQLite3
In SQLite 3.30.1, selectExpander in select.c continues with the WITH stack unwinding process even after a parsing error occurs...
Astra Linux – Vulnerability in libuv1
Node.js versions prior to 16.4.1, 14.17.2, and 12.22.2 are vulnerable to an out-of-bounds read when the uvidnatoascii function is used to convert strings to ASCII. The pointer p is read and incremented without checking whether it lies beyond pe, where pe holds a pointer to the end of the buffer...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in V8 in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially perform out-of-bounds memory access via a crafted HTML page...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.49.0, VecDeque::makecontiguous has a bug where the same element may be popped more than once under certain conditions. This bug could lead to a use-after-free or double-free situation...
Astra Linux – Vulnerability in WebKit2GTK
A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2, iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, and iTunes 12.11 for Windows...
Astra Linux – Vulnerability in Wireshark
A memory leak in the Kafka protocol dissector in Wireshark versions 3.4.0 and 3.2.0 to 3.2.8 allows for denial of service through packet injection or malicious capture files...
Astra Linux – Vulnerability in ffmpeg
A buffer overflow vulnerability exists in FFmpeg 4.2, specifically in the filtervertically8 function within libavfilter/vfavgblur.c. This vulnerability could lead to a remote Denial of Service attack...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: A reference count leak was fixed in hshewephaslimitsbox. The pcigetdevice function will increase the reference count of the returned ‘dev’. We need to call pcidevput to decrease the reference count. Since...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Disabling INVLPGB on Zen2 AMD Cyan Skillfish Family 17h, Model 47h, Stepping 0h has a issue that causes system errors and panics when performing TLB flush using INVLPGB. However, the problem arises from misconfigured...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: jbd2: fixed a potential use-after-free issue in jbd2fcwaitbufs. In jbd2fcwaitbufs, using bh after referencing the buffer’s head count may lead to a use-after-free condition. Therefore, ensure that the buffer is updated before...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fixed a memory leak in kvmipidestroy In kvmioctlcreatedevice, kvmdevice has allocated memory. kvmdevice-destroy seems to be supposed to free up the kvmdevice structure, but kvmipidestroy does not do this currently...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the refcount leak for PCI devices According to the comments on pcigetdomainbusandslot, it returns a PCI device with a refcount that increments after use. Therefore, the caller must decrement the reference count ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Ring Buffer: Do not swap the cpubuffer during the resize process When the ringbufferswapcpu function is called during the resize process, the cpu buffer is swapped in the middle, resulting in an incorrect state. Continuing to run...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Rejects invalid reloc tree root keys with stack dump. BUG Syzbot reported a crash that an ASSERT was triggered inside preparetomerge. This ASSERT ensures that the reloc tree is properly pointed back by its subvolume tree...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: block: RCU protection for disk-convzonesbitmap It is ensured that revalidating a disk by changing the conventional zones bitmap does not cause invalid memory references when using the helper function diskzoneisconv, with RCU...