18095 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Added bpfprogrundatapointers syzbot found that clsbpfclassify can change tcskbcbskb-dropreason, triggering a warning in skskbreasonDrop. WARNING: CPU: 0, PID: 5965, at net/core/skbuff.c:1192 skskbreasonDrop,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md/raid5: Fixed possible null-pointer dereferences in raid5storegroupthreadcnt. The variable mddev-private is first assigned to conf, and then checked: c conf = mddev-private; if !conf… If conf is NULL, then mddev-private is also...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: NFSD: fixed a race condition between nfsd registration and exportsproc Currently, nfsd calls createprocexportsentry at the beginning of initnfsd, and cleanup is performed by removeprocentry at the end of exitnfsd. This can lea...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: The code for radeonfenceprocess has been removed in issignaled, preventing deadlocks. The attempt to advance the queue when checking whether the fence is signaled has been eliminated. This prevents deadlocks. The...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nfsd: Check that the server is running in unlockfilesystem. If we try to unlock the filesystem via an administrative interface, and nfsd is not running, it will cause the server to crash. This occurs currently because the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fixed a possible data race in fore200eopen. Access to the field fore200e-availablecellrate is protected by the ratemtx lock in the error-handling code of fore200eopen to prevent a data race. The field...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, the URBDRC client did not perform bounds checking on the MSUSBINTERFACEDESCRIPTOR values provided by the server and used these values as indices in libusbudevcompletemsconfigsetup, resulting in an...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server could trigger a heap buffer overflow in FreeRDP clients by using the GDI surface pipeline e.g., xfreerdp to send an RDPGFX ClearCodec surface command with an out-of-bounds destination...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check dcehwseq before dereferencing it. WHAT hws was checked for being null earlier in dce110blankstream, indicating that hws can be null. This check should be performed whenever hws is used. Cherry-picked from...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: The zero-initialize of the eb.vma array in i915gemdoexecbuffer was corrected. The eb.vma array is initialized with values of 0 when the eb structure is first set up. Specifically, this sets the eb-vmai.vma pointers ...
Astra Linux – Vulnerability in Chromium
The use of “after free” in PDFs in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: Fixed potential memory leaks in rtl8180initrxring In rtl8180initrxring, memory is allocated for skb packets and DMA allocations within a loop. When an allocation fails, the previously successful allocations are not...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: F2FS: Invalidate the dentry cache when failing to create a whiteout entry. F2FS allows for mounting file systems with corrupted directory depth values that are clamped to MAXDIRHASHDEPTH at runtime. When RENAMEWHITEOUT operations...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: espintcp: A race condition in espintcpclose has been fixed. This issue was discovered during a code audit. After espintcpclose is called, espintcptxwork can still be scheduled using functions like the Delayed ACK handler or...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of validation for multibyte character lengths in PostgreSQL text manipulation allows a database user to execute crafted queries that lead to a buffer overflow. This enables the execution of arbitrary code as the operating system user running the database. Versions prior to PostgreSQL 18.2,...
Astra Linux – Vulnerability in Chromium
Using “after free” in Codecs in Google Chrome before version 147.0.7727.101 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted video file. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Integer overflow in WebRTC in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to perform an out-of-bounds memory write through a crafted HTML page. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, in the RLE planar decode process, planardecompressplanerle wrote into pDstData at nYDst+y nDstStep + 4nXDst + nChannel, without verifying that nYDst+nSrcHeight fits within the destination height or that...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: sched/rt: Fixed a race condition in the pushrttask function. Overview ======== When a CPU decides to call the pushrttask function and selects a task to be pushed onto another CPU’s runqueue, it will invoke the findlocklowestrq...
Astra Linux – Vulnerability in Chromium
In WebAudio, operations of reading and writing data outside of the allowed range in Google Chrome before version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...
Astra Linux – Vulnerability in libpng1.6
LIBPNG is a reference library used in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to version 1.6.55, there was an out-of-bounds read vulnerability in the pngsetquantize API function. When this function is called without a histogram and th...
Astra Linux – Vulnerability in Chromium
Insufficient policy enforcement in PWA implementations in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent, through a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions in the Graphics component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in networking: JAR components. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Privilege escalation in the Messaging System component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Invalid pointer in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Privilege escalation in the Netmonitor component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Memory safety bugs exist in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146, and Thunderbird 146. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...
Astra Linux – Vulnerability in Firefox and Thunderbird
DOM spoofing issue: Copy & Paste and Drag & Drop components. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux – Vulnerability in Firefox and Thunderbird
Bypass of the same-origin policy in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions in the Graphics:CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux – Vulnerability in Firefox and Thunderbird
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
A use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...
Astra Linux – Vulnerability in Firefox and Thunderbird
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
Astra Linux – Vulnerability in Firefox and Thunderbird
Use-after-free in the DOM: Window and Location components. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...