Astra Linux – Vulnerability in Chromium
Insufficient data validation in networking in Google Chrome prior to 87.0.4280.141 allowed a remote attacker to bypass discretionary access control via malicious network traffic...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Added a bounds check for the durable handle context. A missing bounds check was added for the durable handle context...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: blkiocost: fixed issues with out-of-bound shifts. Recently, running UBSAN detected a few out-of-bound shifts in the iocforgivedebts function: UBSAN: Out-of-bound shift in block/blk-iocost.c:2142:38; Shift exponent 80 is too...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas-hwptlist twice. The hwpt is only added to the hwptlist during its creation; it is never added again. This issue seems to be leftover from previous revisions. Adding an hwpt twice may...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: A potential reference count leak has been fixed in ndiscrouterdiscovery. This issue occurs on specific paths within the function. After the object rt and neigh are successfully acquired, when lifetime is non-zero but the...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed another “off-by-one” issue with the fsmap for 1k-block file systems. It seems that syzbot discovered that issuing the FSMAP call as follows: c struct fsmaphead cmd = .fmhcount = ...; .fmhkeys = .fmrdevice = / ext4...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not report a verification bug for missing bpfsccvisit calls on speculative execution paths. Syzbot generated a program that triggers a verifierbug call in maybeexitscc. maybeexitscc assumes that, when called for a state...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: 'intelth': Fixed a resource leak in the error handling path. If an error occurs after calling 'pciallocirqvectors', 'pcifreeirqvectors' must be called, as already done in the remove function...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed a NULL pointer dereference issue in doabortlogreplay. Coverity reported a NULL pointer dereference issue CID 1666756 in doabortlogreplay. When btrfsallocpath fails in replayonebuffer, wc-subvolpath becomes NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: virtionet: Fixed a misalignment bug in the struct virtnetinfo structure. Use the new TRAILINGOVERLAP helper to fix the misalignment bug, along with the following warning: drivers/net/virtionet.c:429:46: warning: Structure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws The commit f316cdff8d67 annotated the hws member of the struct clkhwonecelldata with countedby. This informs the bounds sanitizer UBSANBOUNDS about the number of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fixed a null reference during testing of fluster. When multiple instances are created or destroyed, many interrupts occur, and structures related to the decoder are removed. The struct vpuinstance...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Input: croseckeyb – fix an invalid memory access If the croseckeybregistermatrix function is not called due to “buttonsswitchesonly” in croseckeybprobe, ckdev-idev remains NULL. An invalid memory access is observed in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: vdpasim: A memory leak was fixed when freeing IOTLBs. After the commit bda324fd037a “vdpasim: control virtqueue support”, vdpasim-iommu became an array of IOTLBs. Therefore, we should clean the mappings of each freed IOTLB one...
Astra Linux – Vulnerability in WebKit2GTK
A logic issue has been resolved through improved validation. This issue is fixed in Safari 17.4, iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, visionOS 1.1, and watchOS 10.4. Processing maliciously crafted web content may prevent the Content Security Policy...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fork: Invoke khugepaged and ksm hooks only if there is no error. There is no reason to invoke these hooks early on an MM that is in an incomplete state. The change in commit d24062914837 “fork: use mtdup to duplicate the maple tr...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: tipc: Wait and exit until all work queues are completed On some hosts, a crash could occur simply by repeating these commands several times: bash modprobe tipc tipc bearer enable media udp name UDP1 localip 127.0.0.1 rmmod tipc T...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in Reader Mode in Google Chrome on iOS prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page and a malicious server...
Astra Linux – Vulnerability in ruby-tzinfo
TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. Versions prior to 0.36.1, as well as those prior to 1.2.10 when used with the Ruby data source tzinfo-data, are vulnerable to relative path traversal. With the Ruby data source,...
Astra Linux – Vulnerability in Qemu
A flaw was discovered in the virtio-fs shared file system daemon virtiofsd of QEMU. The new ‘xattrmap’ option may cause the ‘security.capability’ xattr in the guest to not be dropped when writing files, potentially allowing a modified, privileged executable to be executed within the guest. In rar...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: bpf: Ensure that the internal and UAPI bpfredirect flags do not overlap. The bpfredirectinfo is shared between the SKB and XDP redirection paths. Both paths use the same numerical flag values in the ri-flags field specifically,...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: bpf: Mark the bpf prog stack with kmsanunpoisonmemory in interpreter mode. syzbot reported uninitialized memory usage during maplookup,deleteelem. ========== BUG: KMSAN: uninitvalue in devmaplookupelem kernel/bpf/devmap.c:441...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: In rtlwifi, memory leaks and invalid access at the probe error path have been fixed. The deinitialization is performed in reverse order when the probe fails. When initswvars fails, rtldeinitcore should not be called. Thi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed the sanity check on sbi-totalvalidblockcount. syzbot reported a f2fs bug as follows: ------------ cut here ------------ Kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:decvalidblockcount + 0x3b2/0x3c0, fs/f2fs/f2fs.h:252...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: dm: Fixed unconditional IO throttling caused by REQPREFLUSH When a bio with REQPREFLUSH is submitted to dm, sendemptyflush generates a flushbio with REQOPWRITE | REQPREFLUSH | REQSYNC, which causes the flushbio to be throttled by...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: vlan: do not propagate flags on open With the device instance lock, there is now a possibility of a deadlock: 1.211455=========================================== 1.211571WARNING: possible recursive locking detected...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: netlabel: Fixed a NULL pointer exception caused by CALIPSO on IPv4 sockets. When calling netlblconnsetattr, addr-safamily is used to determine the function’s behavior. If sk is an IPv4 socket, but the connect function is called...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Cancel all operations upon calling hciunregisterdev. syzbot reports that calling hcireleasedev from hcierrorreset can cause a deadlock at destroyworkqueue. This occurs because hcierrorreset is called from...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop the dlserver function before the CPU goes offline. The IBM CI tool reported a kernel warning1 when performing a CPU removal operation using drmgr2. For example: “drmgr -c cpu -r -q 1”. WARNING: CPU: 0 PID: 0 ...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ice: arfs: fixed a use-after-free when freeing @rxcpurmap The CI testing bots triggered the following error message: 718.203054 BUG: KASAN: use-after-free in freeirqcpurmap+0x53/0x80 718.206349 Read of size 4 at addr...
Astra Linux – Vulnerability in binutils
It has been discovered that GNU Binutils prior to version 2.40 contains a vulnerability involving excessive memory consumption, caused by the loadseparatedebugfiles function in dwarf2.c. An attacker could provide a crafted ELF file and trigger a DNS attack...
Astra Linux – Vulnerability in xterm
xterm before 375 allows code execution via font ops. For example, an OSC 50 response may trigger Ctrl-g, thereby leading to command execution within the vi line-editing mode of Zsh. NOTE: Font ops are not allowed in the default configurations of some Linux distributions for xterm...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Do not hold the nilock lock when calling truncatesetsize. syzbot reports a hung task during the call to douseraddrfault 1. This occurs because there is a silent deadlock between the PGlocked bit and the nilock lock. Sin...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed a NULL pointer dereferencing in amdgpugmcfilterfaultsremove. On APUs such as Raven and Renoir GC 9.1.0, 9.2.2, 9.3.0, the ih1 and ih2 interrupt ring buffers are not initialized. This is by design, as these...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: idxd: Fixed device leaks during the compat bind and unbind operations. Make sure to remove the references to the idxd device when using the compat bind and unbind sysfs interfaces...
Astra Linux – Vulnerability in Linux
In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: The cleanup of the connector occurs when the bridge is detached. If we do not call drmconnectorcleanup manually in panelbridgedetach, the connector will be cleaned up along with other DRM objects during the cal...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fixed an OOB read issue in indxinsertintobuffer. Syzbot reported a OOB read bug: BUG: KASAN: Out-of-bounds access in indxinsertintobuffer+0xaa3/0x13b0 fs/ntfs3/index.c:1755 A read of size 17168 was performed at address...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fixed a kernel panic when accessing DATdata. The i3cmasterbusinit function may attach the I2C devices before the I3C bus initialization. In this case, the DAT allocentry will be used before the DAT init...
Astra Linux – Vulnerability in qt4-x11, qtbase-opensource-src
An issue was discovered in Qt before version 5.15.15, in versions 6.x before 6.2.9, and in versions 6.3.x through 6.5.x before 6.5.1. When an SVG file containing an image is rendered, a QTextLayout buffer overflow can occur...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fixed a NULL pointer dereferencing issue when removing debugfs. We now remove the debugfs entries of the device when unbinding the driver. This now causes a NULL-pointer dereferencing issue at the end of the module,...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick’s MagickCore/resize.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, specifically a math division by zero. This likely results in a disruption to the application’s functionality, but it may als...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: tunnels: Do not assume that the macheader is set in skbtunnelcheckpmtu. The recently added debug in commit f9aefd6b2aa3 “net: warn if mac header was not set” identified a bug in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Forcibly leave nested virtualization mode when SMM state is toggled The nested virtualization mode is forcibly exited if the user space toggles the SMM state using KVMSETVCPUEVENTS or KVMSYNCX86EVENTS. If the user space...
Astra Linux – Vulnerability in Thunderbird
When a worker is shut down, it was possible for the script to run late in the lifecycle, at a time when it should not be possible. This vulnerability affects Firefox 96, Thunderbird 91.6, and Firefox ESR 91.6...
Astra Linux – Vulnerability in sane-backends
An out-of-bounds read in SANE backends before version 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, also known as GHSL-2020-083...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: The neighnotify function can be called without RTNL or RCU protection. Use RCU protection to avoid a potential use-after-free (UAF)...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Tracing: Prevent an incorrect count for tracingcpumaskwrite. If a large count is provided, it will trigger a warning in bitmapparseuser. Also, check for zero in that case...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: Staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834writefrequency, clkgetrate may return 0. In such cases, the call to ad9834calcfreqreg will result in a division by zero. Checking if fout clkfreq / 2 do...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: axi-fan-control Fixed a possible NULL pointer dereferencing issue. axifancontrolirqhandler, which depends on the private axifancontroldata structure, might be called before the hwmon device is registered. This could lead t...
Astra Linux – Vulnerability in snappy-java
Snappy-Java is a Java port of snappy, a fast C++ compressor/decompressor developed by Google. It was found that the SnappyInputStream is vulnerable to Denial of Service (DoS) attacks when decompressing data with too large a chunk size. Due to the lack of an upper bound check on the chunk length, a...