18095 matches found
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for double execution of the request. If a netfs request completes during the pause loop, the reference belonging to the INPROGRESS flag will be removed at that point. However, if the request proceeds to the final wait...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmf: Use device-managed allocations. If setting up smart PC fails for any reason, it can lead to a double-free when unloading amd-pmf. This occurs because dev-buf was freed but never set to NULL, and then...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: libwx: removed the duplicate function pagepoolputfullpage The pagepoolputfullpage function should only be called when freeing Rx buffers or when creating an skb if the size is too short. At other times, the pages need to be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a kernel crash that occurred when the GPU was hard-reset. The GPU hard-reset sequence calls pmruntimeforcesuspend and pmruntimeforceresume. According to their documentation, these functions should only be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: virtio-net: The recursive rtnllock function occurs during the probe operation. This deadlock appears in a stack trace like this: virtnetprobe rtnllock virtioconfigChangedWork netdevNotifyPeers rtnllock This occurs when the VMM...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: All LMTT pages are cleared upon allocation. Our LMEM buffer objects are not cleared by default upon allocation. During VF provisioning, we only set up LMTT PTEs for the actually provisioned LMEM range. However, beyond...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Wifi: mt76: mt7925: Fixed the nullptrderef in mt7925thermalinit. devmkasprintf returns NULL when there is an error. Currently, mt7925thermalinit does not check for this case, resulting in a NULL pointer dereference. Add a NULL...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: btusb – Fixed a potential NULL dereferencing issue due to kmalloc failure. By checking the return value of kmalloc and properly handling allocation failures, potential NULL pointer dereferencings can be avoided...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Firmware: csdsp: Fixed an out-of-bounds memory read access in KUnit tests ctlcache. KASAN reported an out-of-bounds access: csdspctlcacheinitmultipleoffsets. The code used mockcoefftemplate.lengthbytes 4 bytes for register value...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double-free when failing to DMA-map FW msg The semantics are that the caller of fbnicmbxmapmsg retains ownership of the message in case of an error. All existing callers properly free the allocated memory page...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: zloop: Fixed the KASAN use-after-free of the tagset. When a zloop device is removed, the KASAN-enabled kernel reports a “BUG KASAN use-after-free” in the blkmqfreetagset function. This bug occurs because zloopctlRemove calls...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: clk: imx95-blk-ctl: Fixed synchronous abort When enabling runtime PM for clock suppliers that also belong to a power domain, the following crash occurs: Error: Synchronous external abort: 0000000096000010 1 PREEMPT SMP Workqueue:...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: Firmware: dmi-sysfs: Fixed the null-ptr-deref issue in dmisysfsregisterhandle. KASAN reported a null-ptr-deref error: KASAN: Null-ptr-deref in the range 0x0000000000000008-0x000000000000000f. CPU: 0; PID: 1373; Comm: modprobe...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the issue where idisksize could exceed isize in partially written cases. It is possible for idisksize to exceed isize, triggering a warning. genericperformwrite: - copied = iovitercopyfromuseratomiclen // copied...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: ALSA: hda: Fixed an error related to the names of surround channels in version 9.1. The getlineoutpfx function may trigger an error due to overflowing a static array with more than 8 channels. This issue was reported on...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: PM: EM: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must have had dput called on it; otherwise, memory will leak over time. To simplify things, simply call debugfslookupandremove, whi...
Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed a memory leak when insertoldidx failed. The following process will cause a memory leak for the copied znode: dirtycowznode zn = copyznodec, znode; err = insertoldidxc, zbr-lnum, zbr-offs; if unlikelyerr return...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: Bypass of empty buckets in batadvpurgeorigref Many syzbot reports point to soft lockups in batadvpurgeorigref 1 The root cause is unknown, but we can avoid spending too much time on this issue and potentially obtain...
Astra Linux – Vulnerability in the 389-DS-base
The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying userPassword using malformed input...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
A buffer overflow vulnerability was discovered in the Netfilter subsystem of the Linux kernel. This issue could allow the leakage of both stack and heap addresses, and potentially enable Local Privilege Escalation to the root user through arbitrary code execution...
Astra Linux – Vulnerability in Vim
Vim is vulnerable to Use After Free vulnerabilities...
Astra Linux – Vulnerability in Linux, Linux 5.10
A vulnerability was discovered in the pfkeyregister function in the net/key/afkey.c file within the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, resulting in a system crash or the leakage of internal kernel information...
Astra Linux – Vulnerability in gzip, xz-utils
A arbitrary file writing vulnerability was discovered in the GNU gzip’s zgrep utility. When zgrep is applied to a file name chosen by the attacker e.g., a crafted file name, it can overwrite the content of the target file with an arbitrary file selected by the attacker. This flaw arises due to...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the KVM’s AMD code, responsible for supporting SVM nested virtualization. The flaw occurs during the processing of the VMCB virtual machine control block provided by the L1 guest, which is used to spawn or handle a nested guest L2. Due to improper validation of the “intct...
Astra Linux – Vulnerability in Qemu
It was found that the patch for CVE-2020-17380/CVE-2020-25085 is ineffective. As a result, QEMU becomes vulnerable to out-of-bounds read/write access issues that were previously identified in the SDHCI controller emulation code. This flaw allows a malicious privileged attacker to crash the QEMU...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel before version 5.9. Arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service soft lockup by triggering the destruction of a large SEV VM, which requires unregistering many encrypted regions. This vulnerability is also known as...
Astra Linux – Vulnerability in curl
Curl versions 7.63.0 through 7.75.0 include a vulnerability that allows a malicious HTTPS proxy to intercept connections by mishandling TLS 1.3 session tickets. When using an HTTPS proxy and TLS 1.3, libcurl may misinterpret session tickets sent from the HTTPS proxy as those originating from the...
Astra Linux – Vulnerability in atftp
There is an exploitable denial-of-service vulnerability in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests triggers an assert call, resulting in a denial-of-service attack. An attacker can send a sequence of malicious packets...
Astra Linux – Vulnerability in libwebp
A flaw was discovered in libwebp in versions prior to 1.0.1. An out-of-bounds read was identified in the ChunkVerifyAndAssign function. The greatest threat posed by this vulnerability is related to data confidentiality and service availability...
Astra Linux – Vulnerability in OpenLDAP
A flaw was discovered in OpenLDAP before version 2.4.57. This flaw led to an assertion failure in slapd during the X.509 DN parsing in the decode.c file, specifically at the bernextelement function. This caused a denial of service...
Astra Linux – Vulnerability in libwebp
A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the ApplyFilter function...
Astra Linux – Vulnerability in konsole
KDE Konsole prior to version 25.04.2 allowed remote code execution in certain scenarios. It supported loading URLs from scheme handlers such as ssh://, telnet://, or rlogin:// URLs. This could be executed regardless of whether the ssh, telnet, or rlogin binary was available. In this mode, there w...
Astra Linux – Vulnerability in rpm
A flaw was discovered in RPM’s signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause damage to the RPM database and execute malicious code. The most...
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fixed races between xattrset|get and listxattr operations. Some issues may occur when performing concurrent xattrset|get and listxattr operations, such as assertion failures, memory corruption, and stale xattr values1. The...
Astra Linux – Vulnerability in Linux
A flaw was discovered in the CAN BCM networking protocol within the Linux kernel. A local attacker can exploit this flaw in the CAN subsystem to corrupt memory, cause the system to crash, or escalate privileges. This race condition in the net/can/bcm.c file of the Linux kernel allows for local...
Astra Linux – Vulnerability in Linux
A use-after-free occurred in the function hcisockboundioctl of the Linux kernel’s HCI subsystem. This issue arises when the user calls ioct HCIUNBLOCKADDR, or when the call to hciunregisterdev triggers a race condition, along with the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel versions 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur during batch hypercalls, where multiple operations are performed in a single hypercall. The success or failure of each operation is reported to the backend driver, and the...
Astra Linux – Vulnerability in Apache2
Apache HTTP Server versions 2.4.0 to 2.4.46: A specially crafted Cookie header handled by modsession can lead to a NULL pointer dereferencing and crash, potentially causing a Denial Of Service attack...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fixed a typographical error in the frequency notification. The NAN notification refers to a frequency of 5745 MHz, which corresponds to channel 149, not 5475—which is not a valid channel at all. This could le...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: net: vlan: Fixed an issue where the refcount imbalance of VLAN 0 occurred during runtime, due to toggling filtering. Assuming the “rx-vlan-filter” feature is enabled on a network device, the 8021q module will automatically add...
Astra Linux – Vulnerability in Firefox and Thunderbird
GetBoundName might return the wrong version of an object when JIT optimizations are applied. This vulnerability affects Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10...
Astra Linux – Vulnerability in python-pip
A flaw was discovered in python-pip regarding its handling of Unicode separators in git references. A remote attacker could potentially exploit this issue to install a different revision in a repository. The greatest threat posed by this vulnerability is to data integrity. This issue has been fix...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, in ClearCodec, when glyphData was present, cleardecompress called freerdpimagecopynooverlap without validating the destination rectangle. This allowed out-of-bounds read/writing through crafted RDPGFX surfac...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex items In the function qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: flowtable: account for Ethernet header in nfflowpppoeproto syzbot found a potential access to uninit-value in nfflowpppoeproto The responsible commit forgot to account for the Ethernet header. BUG: KMSAN: uninit-val...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: - Do not allow gsosize to be set to GSOBYFRAGS. One missing check in virtionethdrtoskb allowed syzbot to crash kernels again 1. Do not allow gsosize to be set to GSOBYFRAGS 0xffff, because this magic value is used by the kerne...
Astra Linux – Vulnerability in curl
Curl versions 7.62.0 through 7.70.0 are vulnerable to an information disclosure vulnerability that can result in a partial password being leaked over the network and to the DNS servers...
Astra Linux – Vulnerability in Linux
A vulnerability was discovered in the Linux kernel, specifically in the spkttyioreceivebuf2 function. This function dereferences the spkttyiosynth variable without checking whether it is NULL or not. This could lead to a NULL-ptr deref crash...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.9.1, as used with Xen up to version 4.14.x. The file drivers/xen/events/eventsbase.c allows for the removal of event channels during the event-handling loop a race condition. This can lead to a use-after-free or NULL pointer...
Astra Linux – Vulnerability in Ansible
A race condition flaw was discovered in Ansible Engine 2.7.17 and earlier versions, as well as 2.8.9 and earlier, and 2.9.6 and earlier. This issue occurs when running a playbook with an unprivileged “become user” command. When Ansible needs to execute a module with the “become user” command, a...