18095 matches found
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: The double-free operation in dvbregisterdevice has been fixed. In the function dvbregisterdevice - dvbregistermediadevice - dvbcreatemediaentity, the dvb-entity is allocated and initialized. If the initialization...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Handling of errors from attrsetsize when truncating files. If attrsetsize fails during file truncation, the error is silently ignored, and the inode may remain in an inconsistent state...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed recursive locking in RPC handle list access Since commit 305853cce3794 “ksmbd: Fixed race condition in RPC handle list access”, the ksmbdsessionrpcmethod function attempts to lock sess-rpclock. This causes hung...
Astra Linux – Vulnerability in Tiff
A vulnerability was discovered in the TIFFReadDirectory function of libtiff before version 4.4.0, which allows attackers to cause a denial of service through a crafted TIFF file...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: blk-throttle: prevented overflow during the calculation of wait time. There is a problem identified during code review in tgwithinbpslimit; the expression ‘bpslimit jiffyelapsedrnd’ might cause an overflow. This issue can be fixe...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Added validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: comedi: Fixed the use of uninitialized data in insnrwemulatebits. For Comedi INSNREAD and INSNWRITE instructions on “digital” subdevices subdevice types COMEDISUBDDI, COMEDISUBDDO, and COMEDISUBDDIO, it is common for the subdevic...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: Core: Prevent panic during UVC unconfiguration Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget’s configuration. The panic involves a somewhat complex...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: kobject: A sanity check was added for kset-kobj.ktype in ksetregister. When I register a kset in the following manner: c static struct kset mykset; kobjectsetname&mykset.kobj, "mykset"; ret = ksetregister&mykset; A null pointer...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed a UAF issue in nfqnlnfhookDrop when opsinit fails. When the opsinit function is called to initialize the network, but ops-init fails, data is released. However, the pointer ptr in net-gen becomes invalid. In this...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: afs: Fixed lock recursion issue The function afswakeupasynccall can lead to lock recursion. The problem arises when this function is called from AFRXRPC while holding the -notifylock. However, it attempts to acquire a reference t...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: ext4: Mitigated the risk of underflow of the EA inode refcount during xattr updates. Syzkaller identified a path in ext4xattrinodeupdateref where the refcount of EA inodes is checked, and if it is already ref underflow:...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixing the lifetime of the sysfs interface The current nilfs2 sysfs support has issues with the timing of the creation and deletion of sysfs entries. This may lead to null pointer dereferences, use-after-free errors, a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: vsock: Fixed lock inversion in vsockassigntransport. Syzbot reported a potential lock inversion deadlock between vsockregistermutex and sklock-AFVSOCK when vsocklinger is called. The issue was introduced by the commit...
Astra Linux – Vulnerability in Ruby-Rack
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, “Rack::Multipart::Parser” stores non-file form fields fields without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes ...
Astra Linux – Vulnerability in Golang-logrus
There is a denial-of-service vulnerability in github.com/sirupsen/logrus when using Entry.Writer to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read operation fails with “token too long”, and the writer pipe is close...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ASoC: lpass: Fix for KASAN use-after-free out of bounds. When we run syzkaller, we encounter an Out of Bounds error. “KASAN: slab-out-of-bounds Read in regcacheflatread.” The issue’s backtrace is as follows: BUG: KASAN:...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “perf trace: Really free the evsel-priv area” In 3cb4d5e00e037c70 “perf trace: Free syscall tp fields in evsel-priv”, it only freed the area if strcmpevsel-tpformat-system, “syscalls” returned zero. However, the initialization of...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: srcu: Delegating tasks to the booting CPU when using SRCUSIZESMALL. The commit 994f706872e6 “srcu: Making the Tree SRCU capable of operating without the snpnode array” assumes that CPU 0 is always online. However, there are...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: Media: i2c: ov772x: Fixed a memory leak in ov772xprobe. A memory leak was reported when testing ov772x with the bpf mock device. AssertionError: Unreferenced object 0xffff888109afa7a8 size 8: comm "python3", pid 279, jiffies...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcdmipid: Fixed an error handling path in mipidspiprobe. If ‘mipiddetect’ fails, we must free ‘md’ to avoid a memory leak...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: The severity of the WARN message has been reduced to being sent to devdbg within the callback. The warning is triggered due to a known race condition, which is documented in the code above. This issue is now properl...
Astra Linux – Vulnerability in ffmpeg
A flaw was discovered in FFmpeg’s HLS playlist parsing. This vulnerability allows for a denial of service through a maliciously crafted HLS playlist, which triggers a null pointer dereference during initialization...
Astra Linux – Vulnerability in Jetty9
There exists a security vulnerability in Jetty’s ThreadLimitHandler.getRemote method, which can be exploited by unauthorized users to trigger remote denial-of-service DoS attacks. By repeatedly sending malicious requests, attackers can cause OutofMemory errors and exhaust the server’s memory...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: erofs: Fixed invalid cases for encoded extents. Robert recently reported two corrupted images that can cause system crashes. These issues are related to the new encoded extents introduced in Linux 6.15: - The first image has...
Astra Linux – Vulnerability in linux-astra-modules-6.1, linux-astra-modules-5.10, linux-astra-modules-5.15
The vulnerability of Linux Astra Modules’ kernel modules is related to insufficient validation of input data. Exploiting this vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: schedext: The crash that occurred during the creation of helper kthreads due to scxenable has been fixed. A crash was observed when the schedext selftest runner was terminated with Ctrl+\ while test 15 was running: NIP...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: In the gpio module, for cdev devices, it is necessary to ensure that the cdev file descriptor remains active before emitting events. When the fput function is finally called on a file descriptor, the release action may be delayed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Media: PCI: mg4b: Fix for uninitialized IIO scan data. The issue of potential leakage of uninitialized stack data into the user space has been addressed by ensuring that the scan structure is cleared before use...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: A potential memory leak was fixed by cleaning the opsfilter variable in damonDestroyScheme. Currently, damonDestroyScheme only cleans up the filter list but leaves opsfilter untouched. This could lead to memory lea...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: The link ID is cleared from the bitmap during link deletion after cleanup. Currently, during link deletion, the link ID is first removed from the validlinks bitmap before any cleanup operations are performed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mac80211: Fix for corruption due to changed flags in MBSS on 32-bit systems. On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using oreachsetbitbit, &bits, sizeofchanged...
Astra Linux – Vulnerability in libxml2
The vulnerability of the xmlBuildRelativeURI function in the uri.c component of the Libxml2 library is related to reading data beyond the allowable buffer size. Exploiting this vulnerability allows an attacker to cause service failures remotely...
Astra Linux – Vulnerability in WebKit2GTK
This issue has been resolved through improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fixed the SGI cleanup process when the device is unbound. The driver incorrectly determines whether an interrupt is an SGI or SPI interrupt by checking if the IRQ number is less than 16. This issue occurs wit...
Astra Linux – Vulnerability in Thunderbird
matrix-js-sdk is a client-server SDK for the Matrix messaging protocol, designed for JavaScript. In versions prior to 19.4.0, events sent with special strings in key locations could temporarily disrupt or hinder the proper functioning of matrix-js-sdk, potentially affecting the consumer’s ability...
Astra Linux – Vulnerability in libgit2
A issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. The checkout.c file mishandles equivalent filenames that exist due to NTFS short names. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1353...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: SELinux: The use of both GFPKERNEL and GFPATOMIC in convertcontext was enabled. The following warning was triggered in a hardware environment: SELinux: Converting 162 SID table entries... BUG: The sleeping function was called...
Astra Linux – Vulnerability in Thunderbird
By creating a malformed file name for an attachment in a multipart message, an attacker can trick Thunderbird into including a directory listing of /tmp when the message is forwarded or edited as a new message. This vulnerability could allow attackers to disclose sensitive information from the...
Astra Linux – Vulnerability in OVN
A flaw was discovered in the Open Virtual Network OVN. Specifically, specially crafted UDP packets may bypass egress access control lists ACLs in OVN installations that are configured with a logical switch equipped with DNS records. This occurs if the same switch has any egress ACLs configured...
Astra Linux – Vulnerability in linux-astra-modules-5.4, linux-astra-modules-5.10, linux-astra-modules-5.15
The vulnerability of the pdplget function in the linux-astra-modules kernel module is related to the assignment of a null pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in linux-astra-modules-5.10, linux-astra-modules-5.15, linux-astra-modules-6.1
The vulnerability of Linux Astra Modules relates to errors during thread blocking. Exploiting this vulnerability allows an attacker to compromise data integrity and also cause service failures through the use of a specially created file system...
Astra Linux – Vulnerability in Parsec
The vulnerability of the capfree function in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Parsec
The vulnerability of the pdp-id utility in the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fixed a race condition between sysfs and perf modes. When attempting to run both perf and sysfs modes simultaneously, the WARNON function in tmcetrenablehw was sometimes triggered. WARNING: CPU: 42 PID: 391157...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: crosectypec: Stale pointers have been set to zero. The function crostypecgetswitchhandles allocates four pointers when obtaining type-c switch handles. These pointers are all freed if none of them are obtained...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: riscv: trace: fix snapshot deadlock with sbi ecall If the functions in sbiecall.c are traceable, the command: echo "sbiecall:snapshot" /sys/kernel/tracing/setftracefilter can cause the kernel to enter a deadlock. Functions in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: The handling of vfork/CLONEVM functions must be corrected properly. Matthieu and Jiri reported that there were stalls occurring when a task repeatedly looped in mmgetcid during scheduling. It turned out that the logi...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu/powerplay/psm: A memory leak was fixed in the power state initialization process. The commit 902bc65de0b3 „drm/amdgpu/powerplay/psm: Return an error in power state init“ ensured that the power state initialization...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Block: Fix for a race condition between wbtenabledefault and IO submission. When wbtenabledefault is executed outside of the queue freezing mechanism in elevatorchange, it can cause the wbt inflight counter to become negative -1,...