Debian Linux vulnerabilities

9,911 known vulnerabilities affecting debian/debian_linux.

Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362

Vulnerabilities

CVE-2024-36905 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
CWE-369: In the Linux kernel, the following vulnerability has been resolved: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets TCP_SYN_RECV state is really special, it is only used by cross-syn connections, mostly used by fuzzers. In the following crash [1], syzbot managed to trigger a divide by zero in tcp_rcv_space_adjust() A socket makes the
nvd
CVE-2024-36017 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation Each attribute inside a nested IFLA_VF_VLAN_LIST is assumed to be a struct ifla_vf_vlan_info so the size of such attribute needs to be at least of sizeof(struct ifla_vf_vlan_info) which is 14 bytes. The current size validati
nvd
CVE-2024-36954 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
CWE-401: In the Linux kernel, the following vulnerability has been resolved: tipc: fix a possible memleak in tipc_buf_append __skb_linearize() doesn't free the skb when it fails, so move '*buf = NULL' after __skb_linearize(), so that the skb can be freed on the err path.
nvd
CVE-2024-36919 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
CWE-667: In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload The session resources are used by FW and driver when session is offloaded, once session is uploaded these resources are not used. The lock is not required as these fields won't be used any longer. The offload
nvd
CVE-2024-36953 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
CWE-476: In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() vgic_v2_parse_attr() is responsible for finding the vCPU that matches the user-provided CPUID, which (of course) may not be valid. If the ID is invalid, kvm_get_vcpu_by_id() returns NULL, which isn't handled grace
nvd
CVE-2024-36929 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-30
CWE-476: In the Linux kernel, the following vulnerability has been resolved: net: core: reject skb_copy(_expand) for fraglist GSO skbs SKB_GSO_FRAGLIST skbs must not be linearized, otherwise they become invalid. Return NULL if such an skb is passed to skb_copy or skb_copy_expand, in order to prevent a crash on a potential later call to skb_gso_segment.
nvd
CVE-2024-36950 | MEDIUM | CVSS 4.4 | v10.0 | 2024-05-30
In the Linux kernel, the following vulnerability has been resolved: firewire: ohci: mask bus reset interrupts between ISR and bottom half In the FireWire OHCI interrupt handler, if a bus reset interrupt has occurred, mask bus reset interrupts until bus_reset_work has serviced and cleared the interrupt. Normally, we always leave bus reset interrupts masked
nvd
CVE-2023-52880 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-24
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that.
nvd
CVE-2024-4453 | HIGH | CVSS 7.8 | v10.0 | 2024-05-22
CWE-190: GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists w
nvd
CVE-2021-47489 | HIGH | CVSS 7.8 | v11.0 | 2024-05-22
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix even more out of bound writes from debugfs CVE-2021-42327 was fixed by: commit f23750b5b3d98653b31d4469592935ef6364ad67 Author: Thelford Williams Date: Wed Oct 13 16:04:13 2021 -0400 drm/amdgpu: fix out of bounds write but amdgpu_dm_debugfs.c contains more of the same iss
nvd
CVE-2023-52752 | HIGH | CVSS 7.8 | v11.0 | 2024-05-21
CWE-416: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ses. This fixes the following GPF when reading from /proc/fs/cifs/DebugD
nvd
CVE-2023-52812 | HIGH | CVSS 7.8 | v11.0 | 2024-05-21
CWE-129: In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause array index out of bounds
nvd
CVE-2021-47247 | HIGH | CVSS 7.8 | v11.0 | 2024-05-21
CWE-416: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5e_rep_neigh_update() wasn't updated to accommodate rtnl lock removal from TC filter update path and properly handle concurrent encap entry insertion/deletion which can lead to following use-after-free:
nvd
CVE-2023-52757 | HIGH | CVSS 7.8 | v11.0 | 2024-05-21
CWE-416: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when releasing mids All release_mid() callers seem to hold a reference of @mid so there is no need to call kref_put(&mid->refcount, __release_mid) under @server->mid_lock spinlock. If they don't, then an use-after-free bug would have occurred anyw
nvd
CVE-2024-35960 | CRITICAL | CVSS 9.1 | Exploited | v10.0 | 2024-05-20
CWE-476: In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle tries hard to find and reference already existing identical rules inste
nvd
CVE-2024-35967 | HIGH | CVSS 7.1 | v10.0 | 2024-05-20
CWE-125: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset include/linux/sockptr.h:49 [inline] BUG: KASAN: slab-out-of-bounds in copy_f
nvd
CVE-2024-35955 | HIGH | CVSS 8.8 | v10.0 | 2024-05-20
CWE-416: In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time. `is_module_text_address()` and `__module_text_address()` works with MODULE
nvd
CVE-2024-35962 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-20
In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functions, we can perform the @optlen validation before even calling xt_alloc_table_in
nvd
CVE-2024-36006 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-20
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the function that migrates all the entries within a chunk call list_first_entry() on the respective lists without checking that the lists are not empty. This is incorr
nvd
CVE-2024-35958 | MEDIUM | CVSS 5.5 | v10.0 | 2024-05-20
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by XDP_REDIRECT or XDP_TX instructions The ena_free_tx_bufs() cycles through all
nvd