Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

CVE-2024-43839 | HIGH | CVSS 7.8 | v11.0 | 2024-08-17
CWE-787: In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 characters, since 'bnad->netdev->name' is used there. For '%d' specifiers,
nvd
CVE-2024-42314 | HIGH | CVSS 7.8 | v11.0 | 2024-08-17
CWE-416: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping ou
nvd
CVE-2024-42472 | CRITICAL | CVSS 10.0 | v11.0 | 2024-08-15
CWE-74: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and confidentiality. When `persistent=subdir` is used in the
nvd
CVE-2024-42159 | HIGH | CVSS 7.8 | v11.0 | 2024-07-30
CWE-754: In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Sanitise num_phys Information is stored in mr_sas_port->phy_mask, values larger than size of this field shouldn't be allowed.
nvd
CVE-2024-42160 | HIGH | CVSS 7.8 | v11.0 | 2024-07-30
CWE-754: In the Linux kernel, the following vulnerability has been resolved: f2fs: check validation of fault attrs in f2fs_build_fault_attr() - It missed to check validation of fault attrs in parse_options(), let's fix to add check condition in f2fs_build_fault_attr(). - Use f2fs_build_fault_attr() in __sbi_store() to clean up code.
nvd
CVE-2024-42136 | HIGH | CVSS 7.8 | v11.0 | 2024-07-30
CWE-190: In the Linux kernel, the following vulnerability has been resolved: cdrom: rearrange last_media_change check to avoid unintentional overflow When running syzkaller with the newly reintroduced signed integer wrap sanitizer we encounter this splat: [ 366.015950] UBSAN: signed-integer-overflow in ../drivers/cdrom/cdrom.c:2361:33 [ 366.021089] -9223372
nvd
CVE-2024-41073 | HIGH | CVSS 7.8 | v11.0 | 2024-07-29
CWE-415: In the Linux kernel, the following vulnerability has been resolved: nvme: avoid double free special payload If a discard request needs to be retried, and that retry may fail before a new special payload is added, a double free will result. Clear the RQF_SPECIAL_LOAD when the request is cleaned.
nvd
CVE-2024-41096 | HIGH | CVSS 7.8 | v11.0 | 2024-07-29
CWE-416: In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Fix UAF in msi_capability_init KFENCE reports the following UAF: BUG: KFENCE: use-after-free read in __pci_enable_msi_range+0x2c0/0x488 Use-after-free read at 0x0000000024629571 (in kfence-#12): __pci_enable_msi_range+0x2c0/0x488 pci_alloc_irq_vectors_affinity+0xec/0x14c
nvd
CVE-2024-39496 | HIGH | CVSS 7.8 | v11.0 | 2024-07-12
CWE-416: In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: fix use-after-free due to race with dev replace While loading a zone's info during creation of a block group, we can race with a device replace operation and then trigger a use-after-free on the device that was just replaced (source device of the replace operation). T
nvd
CVE-2024-41000 | HIGH | CVSS 7.8 | v11.0 | 2024-07-12
CWE-190: In the Linux kernel, the following vulnerability has been resolved: block/ioctl: prefer different overflow check Running syzkaller with the newly reintroduced signed integer overflow sanitizer shows this report: [ 62.982337] ------------[ cut here ]------------ [ 62.985692] cgroup: Invalid name [ 62.986211] UBSAN: signed-integer-overflow in ../bloc
nvd
CVE-2024-39494 | HIGH | CVSS 7.8 | v11.0 | 2024-07-12
CWE-416: In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its parent, ->i_rwsem exclusive on the parent's inode, rename_lock), but none of t
nvd
CVE-2024-6387 | HIGH | CVSS 8.1 | PoC | v12.0 | 2024-07-01
CWE-364: A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.
nvd
CVE-2024-37371 | CRITICAL | CVSS 9.1 | v11.0, v12.0 | 2024-06-28
CWE-125: In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
nvd
CVE-2024-38588 | HIGH | CVSS 7.8 | v11.0 | 2024-06-19
CWE-416: In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix possible use-after-free issue in ftrace_location() KASAN reports a bug: BUG: KASAN: use-after-free in ftrace_location+0x90/0x120 Read of size 8 at addr ffff888141d40010 by task insmod/424 CPU: 8 PID: 424 Comm: insmod Tainted: G W 6.9.0-rc2+ [...] Call Trace: dump_stack
nvd
CVE-2024-37891 | MEDIUM | CVSS 6.5 | v11.0 | 2024-06-17
CWE-669: urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header eve
nvd
CVE-2024-5696 | HIGH | CVSS 8.6 | v10.0 | 2024-06-11
CWE-787: By manipulating the text in an `<input>` tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
nvd
CVE-2024-35235 | MEDIUM | CVSS 6.7 | v10.0 | 2024-06-11
CWE-59: OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd process can be caused to perform an arbitrary chmod of the provided argument, providing world-writable access to the
nvd
CVE-2024-5690 | MEDIUM | CVSS 4.3 | v10.0 | 2024-06-11
CWE-203: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
nvd
CVE-2024-36971 | HIGH | CVSS 7.8 | KEV | v10.0 | 2024-06-10
CWE-416: In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is imple
nvd
CVE-2024-37383 | MEDIUM | CVSS 6.1 | KEV | PoC | v10.0 | 2024-06-07
CWE-79: Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
nvd
Debian Linux vulnerabilities | cvebase