18095 matches found
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: nvme-multipath: fixed the lockdep warning due to the partition scan operation. The test cases nvme/014, 057, and 058 occasionally fail due to the lockdep warning. As reported in the Closes tag URL, this warning indicates that ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: “arm64: zynqmp: Add an OP-TEE node to the device tree” This issue has been resolved through the commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically inserts a reserved-memory node along with the...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Added bpfprogrundatapointers syzbot found that clsbpfclassify can change tcskbcbskb-dropreason, triggering a warning in skskbreasonDrop. WARNING: CPU: 0, PID: 5965, at net/core/skbuff.c:1192 skskbreasonDrop,...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: mptcp: fixed a race condition in mptcppmdeladdtimer The mptcppmdeladdtimer function can call skstoptimersyncsk, &entry-addtimer. It is reported that there might already be a free entry, as reported by syzbot. Added RCU...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: vsock: Ignore signals/timesouts on connect if the socket is already established. During connect, acting on a signal/timesout by disconnecting an already established socket leads to several issues: 1. connect invokes...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: md/raid5: Fixed possible null-pointer dereferences in raid5storegroupthreadcnt. The variable mddev-private is first assigned to conf, and then checked: c conf = mddev-private; if !conf… If conf is NULL, then mddev-private is also...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: NFSD: fixed a race condition between nfsd registration and exportsproc Currently, nfsd calls createprocexportsentry at the beginning of initnfsd, and cleanup is performed by removeprocentry at the end of exitnfsd. This can lea...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: The code for radeonfenceprocess has been removed in issignaled, preventing deadlocks. The attempt to advance the queue when checking whether the fence is signaled has been eliminated. This prevents deadlocks. The...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fixed a potential UAF in xeoaaddconfigioctl In xeoaaddconfigioctl, we accessed oaconfig-id after dropping metricslock. Since this lock protects the lifetime of oaconfig, an attacker could guess the id and call...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: nfsd: Check that the server is running in unlockfilesystem. If we try to unlock the filesystem via an administrative interface, and nfsd is not running, it will cause the server to crash. This occurs currently because the...
Astra Linux – Vulnerability in GIMP
GIMP PGM File Parsing: Uninitialized Memory Causes Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fixed a possible data race in fore200eopen. Access to the field fore200e-availablecellrate is protected by the ratemtx lock in the error-handling code of fore200eopen to prevent a data race. The field...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the chips-media: wave5 module, the order of device cleanup was corrected to prevent kernel panic. The process of removing video devices was moved to the beginning of the removal function to ensure that all video operations are...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Wifi: rtl818x: Fixed potential memory leaks in rtl8180initrxring In rtl8180initrxring, memory is allocated for skb packets and DMA allocations within a loop. When an allocation fails, the previously successful allocations are not...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: F2FS: Invalidate the dentry cache when failing to create a whiteout entry. F2FS allows for mounting file systems with corrupted directory depth values that are clamped to MAXDIRHASHDEPTH at runtime. When RENAMEWHITEOUT operations...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: espintcp: fixed skb leaks. Several error paths now include a kfreeskb...
Astra Linux – Vulnerability in Chromium
The use of after-free in CSS in Google Chrome before version 146.0.7680.178 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in gst-plugins-bad1.0
GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder did not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Before version 146.0.7680.178, using WebCodecs in Google Chrome allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: btrfs: In the send operation, it is necessary to check for inline extents within the rangeisholeinparent function. Before accessing the diskbytenr field of a file extent item, we need to check whether we are dealing with an inlin...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerabilities have been resolved: blk-cgroup: The reinit operation for blkgiostatset is performed after clearing data in blkcgresetstats. When the blkgalloc function is called to allocate a blkcggq structure along with its associated blkgiostatset, there are t...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Team: Move teamdevicetypechange to the end of teamportadd. Attempting to add a port device that is already up will, unsurprisingly, fail. However, this failure occurs before modifying the teamdeviceheaderops. In the case of the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: pNFS: Fixed a deadlock that occurred when returning a delegation during the open function. Ben Coddington reported seeing a hang in the following stack trace: 0 ffffd0b50e1774e0 schedule at ffffffff9ca05415 1 ffffd0b50e177548...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free There is a use-after-free bug in the Tegra ADMA driver when audio streams are terminated, especially during XRUN conditions. The issue occurs when the DMA buffer is freed by...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfAppUpdateWindowFromSurface reused a cached XImage, where the data pointer referred to an RDPGFX surface buffer that had been freed. This was because gdiDeleteSurface freed surface-data without invalidating...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfrailserverlocalmovesize dereferenced a freed xfAppWindow pointer because xfrailgetwindow returned an unprotected pointer from the railWindows hash table. This could allow the main thread to delete the wind...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-17 and 6.9.13-42, the NewXMLTree method contained a bug that could lead to a crash due to an out-of-write-bound situation involving a single zero byte. Versions 7.1.2-17 and...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: f2fs: a fix was made to avoid overflow during left shift operations. The type of folio-index should be changed from pgofft to lofft to prevent overflow during left shift operations...
Astra Linux – Vulnerability in cups
OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, a local unprivileged user could force cupsd to authenticate against a localhost IPP service controlled by the attacker, using a reusable “Authorization: Local…”...
Astra Linux – Vulnerability in Chromium
Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Systemd
In nspawn in systemd 233 through 259, before 260, an escape-to-host action can occur through a crafted optional config file...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap information disclosure vulnerability in ImageMagick’s PSD Adobe Photoshop format handler. When processing a maliciously crafted PSD file...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: Check actuallength before accessing the data. The URB received in gsusbreceivebulkcallback contains a struct gshostframe. The length of the data after the header depends on the gshostframe...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, authorization based on the "domain=" path parameter was checked before the final file could be opened or used. A symlink swap was used to bypass the policy-deni...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server could cause the FreeRDP client to crash by sending audio data in IMA ADPCM format with an invalid initial step index value = 89. The invalid step index was read directly from the netwo...
Astra Linux – Vulnerability in Firefox
A spoofing issue exists in the Privacy: Anti-Tracking component. This vulnerability has been fixed in Firefox 149 and Thunderbird 149...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: espintcp: A race condition in espintcpclose has been fixed. This issue was discovered during a code audit. After espintcpclose is called, espintcptxwork can still be scheduled using functions like the Delayed ACK handler or...
Astra Linux – Vulnerability in PostgresSQL-15
Lack of validation for multibyte character lengths in PostgreSQL text manipulation allows a database user to execute crafted queries that lead to a buffer overflow. This enables the execution of arbitrary code as the operating system user running the database. Versions prior to PostgreSQL 18.2,...
Astra Linux – Vulnerability in Python 3.11
When an Expat parser with a registered ElementDeclHandler parses an inline document type definition containing a deeply nested content model, a C stack overflow occurs...
Astra Linux – Vulnerability in PostgresSQL-15
Improper validation of the “oidvector” type in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out the possibility of attacks where confidential information is included in the disclosed bytes, but such attacks seem unlikely. Versions of PostgreSQL pri...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: bcm-sba-raid: Fixed a device leak during probe failures and when the driver unbind the device. Make sure to remove the references made when looking up the mailbox device during probe failures and when the driver...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, there was a heap buffer over-read vulnerability in the DJVU image format handler. This vulnerability occurred due to integer truncation during the calculation o...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: iomap: The read range is adjusted correctly for positions that are not block-aligned. The iomapadjustreadrange function assumes that the position and length passed in are block-aligned. However, this is not always the case, as...
Astra Linux – Vulnerability in Chromium
Before version 147.0.7727.101, writing GPU commands in Google Chrome allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...
Astra Linux – Vulnerability in Chromium
Insufficient validation of untrusted input in the Media section of Google Chrome before version 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer rtpqdm2depay: Out-of-bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...