18095 matches found
Astra Linux – Vulnerability in WebKit2GTK
A type confusion issue has been resolved through improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: media: vsp1: Replace vb2isstreaming with vb2startstreamingcalled. The vsp1 driver uses the vb2isstreaming function in its .bufqueue handler to check whether the .startstreaming operation has been called. It then decides whether t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ublk: Use READONCE to read the struct ublksrvctrlcmd. struct ublksrvctrlcmd is part of the iouringsqe, which may reside in user-space-mapped memory. Accessing its fields normally is risky, as userspace may write to them...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: A race condition has been fixed when checking rpmon. When autosuspend is triggered, the rpmon flag is set to indicate that a suspend/resume is already in progress. However, when a user-space application submits a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ima: Fixed a stack-out-of-bounds issue in isbprmcredsforexec KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec: BUG: KASAN: Stack-out-of-bounds in imaappraisemeasurement+0x12dc/0x16a0 A...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Rust: pwm: Fixed a potential memory leak during initialization errors. When initializing a PWM chip using pwmchipalloc, the allocated device requires an initial reference, which must be released in all error scenarios. If...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 – “Unregister” is only available for algorithms. EIP93 has an options register. This register indicates which crypto algorithms are implemented in silicon. Supported algorithms are registered based on...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock A global static spinlock has been added to serialize the fetch+reset operations of the counter, preventing concurrent “dump-and-reset” operations from accessing counter values ...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/idle: Marking archcpuidle as having no instructions The linux-next commit “cpuidle: tracing: Warning about !rcuiswatching” adds a new warning that affects the archcpuidle function on the s390 architecture. WARNING: “CPU: 2...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs – fixed a potential memory leak in rtwinitdrvsw. In rtwinitdrvsw, various initialization functions are called to populate the padapter structure, and certain checks are performed on their return values. However...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
Astra Linux – Vulnerability in ffmpeg5
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, there is a potential security vulnerability due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: afunix: Fixed a memory leak in newsk during unixstreamconnect. When preparepeercred fails in unixstreamconnect, unixreleasesock is not called for newsk, resulting in memory leakage. We have moved preparepeercred before unixcreate...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: A memory leak has been fixed in amdxdnaubufmap. The amdxdnaubufmap function allocates memory for sg and internal sg table structures. However, it fails to free that memory if subsequent operations...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fixed a deadlock in nireadfoliocmpr. Syzbot reported a task that got hung in nireadpagecmpr now nireadfoliocmpr. This issue is caused by a lock inversion deadlock involving the inode mutex nilock and page locks. Scenari...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Remove initconst from gates. Since the commit 8ceff24a754a “clk: mediatek: clk-gate: Refactor mtkclkregistergate to use mtkgate struct”, the mtkgate structures are no longer only used for initialization/registratio...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fixed NULL pointer dereferencing during device tree parsing When probing the k230 pinctrl driver, the kernel triggers a NULL pointer dereferencing. The crash trace indicated: 0.732084 Unable to handle kerne...
Astra Linux – Vulnerability in udisks2
A vulnerability has been discovered in udisks2. This flaw allows an attacker to submit a specially crafted image file/USB, resulting in kernel panic. The greatest threat posed by this vulnerability is to system availability...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: GPIB: A memory leak has been fixed in niusbinit. In niusbinit, if niusbsetupinit fails, the function returns -EFAULT without freeing the allocated write buffer, resulting in a memory leak. Additionally, niusbsetupinit returns 0...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fixed the DMA-API call trace for NVMe LS requests. The following message and call trace were observed with debug kernels: DMA-API: qla2xxx 0000:41:00.0: The device driver failed to check the map error device...
Astra Linux – Vulnerability in fly-wm
The vulnerability of the fly-kompmgr utility for the fly-wm window manager is related to the manipulation of the zero pointer. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux - Vulnerability in node-sha.js
There is a vulnerability in input validation in sha.js that allows for manipulation of input data. This issue affects sha.js version 2.4.11...
Astra Linux – Vulnerability in libcpanel-json-xs-perl
Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow that causes a segfault when parsing crafted JSON, allowing for denial-of-service attacks or other unspecified impacts...
Astra Linux - Vulnerability in linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: riscv: Move memblockallowresize after linear mapping is ready The initial memblock metadata is accessed from the kernel image mapping. The regions arrays need to be "reallocated" from memblock and accessed through linear mapping ...
Astra Linux – Vulnerability in sssd
A race condition flaw was identified in sssd, where the GPO policy is not consistently applied to authenticated users. This could lead to improper authorization issues, granting or denying access to resources inappropriately...
Astra Linux – Vulnerability in gpac
A vulnerability, classified as problematic, was discovered in GPAC 2.3-DEV-rev35-gbbca86917-master. This vulnerability affects the gfm2tsprocesssdt function in the mediatools/mpegts.c file. The vulnerability results in a heap-based buffer overflow. Local exploitation is required. The exploit has...
Astra Linux – Vulnerability in Linux-Firmware
A GPU kernel can read sensitive data from another GPU kernel even from another user or application through an optimized GPU memory region called local memory on various architectures...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath9k – Avoid referencing uninitialized memory in ath9kwmictrlrx. For the same reasons described in commit b383e8abed41 “Wifi: ath9k – Avoid uninitialized memory reading in ath9khtcrxmsg”, ath9khtcrxmsg should validate the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: ath12k – Fixed deadlock during the flushing of management frames The commit 1 converted the management transmission work item into a wiphy work item. Since a wiphy work item can only run under wiphy lock protection, a race...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Silence the warning when evicting an inode with dioreadnolock When evicting an inode with the default dioreadnolock setting, it is possible for unwritten extents to convert kworker after writeback, resulting in newly...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Wifi: cfg80211 – Reject authentication/association requests to APs using our own address. If the AP uses our own address as its MLD Media Access Point Identifier or BSSID Basic Service Set Identifier, then something is clearly...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: mmc: core: Fixed a kernel panic that occurred when removing a non-standard SDIO card. The SDIO tuple is only allocated for standard SDIO cards. Non-standard SDIO cards can cause memory corruption issues when they are removed. Thi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fixed a potential out-of-bounds read in iommummioshow. In iommummiowrite, the offset provided by the user is validated using the check: iommu-dbgmmiooffset iommu-mmiophysend - 4. This assumes a 4-byte access. However,...
Astra Linux – Vulnerability in gpac
A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ip6vti: The issue of “slab-use-after-free” in decodesession6 has been fixed. When the ipv6vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. This can lead to a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: vdpa: Added a queue index attr to the vdpanlpolicy structure for checking nlattr lengths. The vdpanlpolicy structure is used to validate the nlattr during the parsing of incoming nlmsg messages. It ensures that the described...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: The queuelock must be held when removing blkg-qnode. When blkg is removed from q-blkglist via blkgfreeworkfn, the queuelock must be held. Otherwise, various bugs such as list corruption, hard lockups, etc. may occur d...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: usb: mtu3: Fixed the kernel panic that occurred when the qmu transfer was completed and the irq handler was called. When handling the qmu transfer irq, the @mtu-lock is unlocked before returning the request. If another thread...
Astra Linux – Vulnerability in libxml2
The vulnerability of the xmlParseAttValueComplex function in the parser.c component of the Libxml2 library is related to the use of memory after it is freed. Exploiting this vulnerability allows an attacker to cause a service failure...
Astra Linux – Vulnerability in Linux 5.10
Ubuntu Linux 6.8 GA retains the legacy AFUNIX garbage collector, but the upstream commit 8594d9b85c07 "afunix: Do not call skbget for OOB skb" addresses this issue. When orphaned MSGOOB sockets reach unixgc, the garbage collector still calls kfreeskb, assuming that OOB SKBs hold two references...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: hd44780: A potential memory leak was fixed in hd44780remove. hd44780probe allocates a memory block for hd using kzalloc, and makes “lcd-drvdata-hd44780” point to it. When calling hd44780Remove, we should release all...
Astra Linux – Vulnerability in Node-Elliptic
In the Elliptic package 6.5.6 for Node.js, ECDSA signature malleability occurs because BER-encoded signatures are allowed...
Astra Linux – Vulnerability in Tomcat9
Improper handling of exceptional conditions, and uncontrolled resource consumption vulnerabilities in Apache Tomcat. When processing an HTTP/2 stream, Tomcat failed to correctly handle some cases of excessive HTTP headers. This resulted in an incorrect count of active HTTP/2 streams, leading to t...
Astra Linux – Vulnerability in Tomcat9
Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If those rewrite rules effectively enforced security constraints,...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL rendering thread led to a heap use-after-free. Specifically, a pointer to sdl-primary SDLSurface was accessed after it had been...
Astra Linux – Vulnerability in Apache2
A NULL pointer dereference in moddavlock in the Apache HTTP Server 2.4.66 and earlier versions may allow an attacker to crash the server with a malicious request. moddavlock is not used internally by moddav or moddavfs. The only known use-case for moddavlock was in moddavsvn from Apache Subversio...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Memory: pl353-smc: Fixed a reference count leak in pl353smcprobe. The foreachavailablechildofnode function requires a corresponding ofnodeput call when the reference ‘child’ is no longer used. In this case, we don’t need to ca...
Astra Linux – Vulnerability in NTP
In ntp 4.2.8p10, 4.2.8p11, 4.2.8p12, and 4.2.8p13, remote attackers can prevent a broadcast client from synchronizing its clock with a broadcast NTP server through soofed modes 3 and 5. The attacker must either be part of the same broadcast network or control a slave device in that broadcast...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix for out-of-bounds access When the value of Output Resource dcb-or is assigned in fabricatedcboutput, there may be an out-of-bounds access to the dacusers array, especially when dcb-or is zero. This occurs because...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
A null pointer dereference flaw was discovered in the Linux kernel API for the cryptographic algorithm scatterwalk functionality. This issue occurs when a user constructs a malicious packet with specific socket configurations, which could allow a local user to crash the system or escalate their...