18100 matches found
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
A vulnerability has been discovered in the Linux kernel. It has been identified as a problem. The vulnerability affects the intrcallback function in the drivers/net/usb/r8152.c file of the BPF component. Manipulation of this function results in the logging of excessive data. The attack can be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: irqchip: The refcount leak in platformirqchipprobe has been fixed. The function ofirqfindparent returns a node pointer with the refcount incremented. We should use ofnodeput on it when it is no longer necessary. Add the missing...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
An integer overflow or wrap-around vulnerability exists in the OpenEuler kernel on Linux file system modules, allowing for forced integer overflow. This issue affects the OpenEuler kernel, starting from version 4.19.90, up to and including version 4.19.90-2401.3, as well as versions 5.10.0-60.18....
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Fixed BQL accounting for multi-BD TX packets. When a TX packet spans multiple buffer descriptors scatter-gather, axienetfreetxchain sums the actual length of each BD from the descriptor status into an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Properly marking live registers for indirect jumps For the gotox rX instruction, the rX register should be marked as used in the computeinsnlive regs function. This issue has been fixed...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mfd: macsmc: Initialize mutex The mutex of the struct applesmc is initialized in applesmcprobe. Using the mutex in an uninitialized state surprisingly resulted only in occasional NULL pointer dereferences in calls to applesmcread...
Astra Linux – Vulnerability in grub2
A use-after-free vulnerability has been identified in the GNU GRUB Grand Unified Bootloader. The flaw occurs because the process that closes files improperly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause th...
Astra Linux – Vulnerability in grub2
A vulnerability has been identified in the GRUB Grand Unified Bootloader component. This flaw occurs because the bootloader improperly handles string conversions when reading information from a USB device, allowing an attacker to exploit inconsistencies in the length values. A local attacker can...
Astra Linux – Vulnerability in Golang 1.19, Golang 1.23
If the PATH environment variable contains paths that are executable files rather than just directories, passing certain strings to LookPath "", ".", and ".." may cause the binaries listed in the PATH to be returned unexpectedly...
Astra Linux - Vulnerability in node-sha.js
There is a vulnerability in input validation in sha.js that allows for manipulation of input data. This issue affects sha.js version 2.4.11...
Astra Linux – Vulnerability in espeak-ng
It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
A use-after-free vulnerability exists in the netfilter component of the Linux kernel’s nftables module; this vulnerability can be exploited to achieve local privilege escalation. The nftpipapowalk function does not skip inactive elements during the set walk operation, which can result in double...
Astra Linux – Vulnerability in Linux 5.15
A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to gain local privilege escalation. The perfgroupdetach function did not check the attachstate of the event’s siblings before calling addeventtogroups; moreover, removeonexec allowed calling listdelevent...
Astra Linux – Vulnerability in Linux 5.10
There is a vulnerability related to time-of-check to time-of-use issues in the iouringsubsystem’s IORINGOPCLOSE operation in the Linux kernel versions 5.6 to 5.11 inclusive. This vulnerability allows a local user to elevate their privileges to root. Introduced in the version...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
A issue was discovered in the Linux kernel through version 5.16-rc6. The function malidpcrtcreset in the file drivers/gpu/drm/arm/malidpcrtc.c lacks a check on the return value of kzalloc. This could lead to a null pointer dereferencing...
Astra Linux – Vulnerability in Linux, Linux 5.10
There is a use-after-free in the Linux kernel’s tcnewtfilter module, which could allow a local attacker to gain privilege escalation. This vulnerability requires unprivileged user namespaces for exploitation. We recommend upgrading to a version after commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b...
Astra Linux – Vulnerability in Linux 5.10
A out-of-bounds memory write flaw was discovered in the Linux kernel’s watchqueue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system...
Astra Linux – Vulnerability in qtbase-opensource-src
A issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur due to a crafted KTX image file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: - BPF: Fixed a potential use-after-free of the BTF object. - The refcounting in the checkpseudobtfid function is incorrect: The checkpseudobtfid function might be called with a btf whose refcount is zero. This issue has been...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftcounter: serialize reset with spinlock A global static spinlock has been added to serialize the fetch+reset operations of the counter, preventing concurrent “dump-and-reset” operations from accessing counter values ...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: fbnic: Resolving the race between fwlog and teardown This fix addresses a theoretical race condition in fwlog between the teardown path and the fwlog write functions. fwlog is written within fbnicfwlogwrite, and it can be...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Requires the map to be frozen before calculating the map hash Currently, bpfmapgetinfobyfd calculates and caches the hash of the map, regardless of whether the map is frozen or not. This leads to a TOCTOU bug, where user spa...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: power: supply: pf1550: Fixed a use-after-free in powersupplychanged. Using the devm variant for requesting IRQs before using the devm variant for allocating/registering the powersupply handle means that the powersupply handle wil...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed handling of misaligned crypto lengths in packets. Also, fixed the handling of packets with misaligned crypto lengths. Additionally, handled non-ENOMEM errors during decryption by aborting the process. Furthermore,...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fixed a race condition during PASID entry replacement. The Intel VT-d PASID table entry is 512 bits 64 bytes. When replacing an active PASID entry e.g., during domain replacement, the current implementation calculates...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: drm/xe/pf: Fixed sysfs initialization issues. In case of a failure in devmaddactionorreset, the provided cleanup action will be executed immediately on the not yet initialized kobject. This may lead to errors such as: - kobjec...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: nau8821: Cancel delayed work on component removal Attempting to unload the driver while a jack detection task is pending may cause the kernel to crash when it is eventually executed. 1984.896308 BUG: Unable to handle a...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: The function eagerly init vgic dist/redist on vgic creation is vulnerable. If the vgicallocateprivateirqslocked function fails for any reason, we exit kvmvgiccreate early, leaving dist-rdregions uninitialized. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: iouring/zcrx: fixed the race condition between the scrub and refill paths involving userrefs The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by an atomicdec to manipulate...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fixed the directory separator in SMB1 UNIX mounts. When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps. Otherwise, the...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: bridge: Guards the local VLAN-0 FDB helpers against NULL vlan groups. When CONFIGBRIDGEVLANFILTERING is not set, the brvlangroup and nbpvlangroup functions return NULL as defined in brprivate.h. The BRBOOLOPTFDBLOCALVLAN0 togg...
Astra Linux – Vulnerability in Golang-github-dvsekhvalnov-jose2go
A vulnerability was discovered in dvsekhvalnov jose2go versions 1.5.0 through 1.7.0. This vulnerability allows an attacker to trigger a Denial-of-Service DoS attack by using a specially crafted JSON Web Encryption JWE token with an exceptionally high compression ratio...
Astra Linux – Vulnerability in Wireshark
The SDP protocol dissector in Wireshark versions 4.6.0 to 4.6.4 allows for a denial of service attack...
Astra Linux – Vulnerability in Gegl
GIMP HDR File Parsing: Heap-Based Buffer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page ...
Astra Linux – Vulnerability in libjettison-java
An infinite recursion occurs in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. This results in a StackOverflowError exception being thrown...
Astra Linux – Vulnerability in Tomcat9
Improper neutralization of escape, meta, or control sequence vulnerabilities in Apache Tomcat. For a subset of uncommon rewrite rule configurations, it was possible for a specially crafted request to bypass certain rewrite rules. If those rewrite rules effectively enforced security constraints,...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
The IPv6 implementation in the Linux kernel before version 6.3 has a maxsize threshold in the net/ipv6/route.c file that can be easily exceeded. This can lead to a denial of service condition, where the network becomes unreachable, resulting in errors when IPv6 packets are sent through a raw sock...
Astra Linux – Vulnerability in Linux 5.10, Linux
A issue was discovered in the Linux kernel through version 5.16-rc6. The function netvscgetethtoolstats in the drivers/net/hyperv/netvscdrv.c file lacks a check on the return value of kvmallocarray, which can lead to a null pointer derefrence...
Astra Linux – Vulnerability in Linux, Linux 5.10
There is a bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user-space...
Astra Linux – Vulnerability in GhostScript
A issue was discovered in psi/zcolor.c in Artifex Ghostscript prior to version 10.04.0. An unchecked Implementation pointer in the Pattern color space could allow for arbitrary code execution...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xhci: Fixed a NULL pointer dereference issue when reading PortLib’s debugfs files. Michal reported and debugged a NULL pointer dereference bug in the recently added PortLib’s debugfs files. The issue occurs when there are more po...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: chips-media: wave5: Fixed an issue where the runtime usage count of PM was underflowing. Replace pmruntimeputsync with pmruntimedontuseautosuspend in the remove path, so that it can properly pair with pmruntimeuseautosuspend in t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: BPF: Resetting the register ID for BPFEND value tracking When a register undergoes a BPFEND operation byte swap, its scalar value is mutated in place. If this register previously shared a scalar ID with another register e.g., aft...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: GPIB: LPVOUSB – fixed a memory leak that occurred when USB devices were disconnected. The driver iterates over the registered USB interfaces during GPIB attachment and takes a reference to their USB devices until a match is found...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fixed a deadlock in the soft reset sequence. The soft reset sequence is currently executed from the threaded IRQ handler. Therefore, it cannot call disableirq because it internally waits for the IRQ handlers—i.e....
Astra Linux – Vulnerability in Zabbix
A regular Zabbix user without access to the Monitoring - Problems view can still call the problem.view.refresh action, and thus still retrieve a list of active problems...
Astra Linux – Vulnerability in Python 3.11
When using TarFile.errorlevel = 0 and extracting with a filter, the documented behavior is that any filtered members would be skipped and not extracted. However, the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member will still be extracted and not skipped...
Astra Linux – Vulnerability in opusfile
A null pointer dereference issue was discovered in the functions opgetdata and opopen1 in opusfile.c. In versions 0.9 through 0.12 of xiph opusfile, this issue allows attackers to cause denial of service or other unspecified impacts...
Astra Linux – Vulnerability in Firefox and Thunderbird
Offscreen Canvas did not properly prevent cross-origin tampering, which could have been used to access image data from another site in violation of the same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1...
Astra Linux – Vulnerabilities in Firefox, LibWebP, Thunderbird
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free the best.bw file, assigning the best pointer to trial. The second loop will then return 0 due to a memory out-of-memory error in the VP8 encoder; the pointer remai...