Debian Linux vulnerabilities

CVE-2024-35936 [MEDIUM] CVE-2024-35936: In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first the search key is set up to look for a chunk tree item, with offset -1, this is

CVE-2024-35934 [MEDIUM] CVE-2024-35934: In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure i In the Linux kernel, the following vulnerability has been resolved: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() Many syzbot reports show extreme rtnl pressure, and many of them hint that smc acquires rtnl in netns creation for no good reason [1] This patch returns early from smc_pnet_net_init() if there is no netdevice yet. I am not

CVE-2024-35898 [MEDIUM] CWE-362 CVE-2024-35898: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix poten In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() nft_unregister_flowtable_type() within nf_flow_inet_module_exit() can concurrent with __nft_flowtable_type_get() within nf_tables_newflowtable(). And thhere is not any protection when iterate over nf_table

CVE-2024-35879 [MEDIUM] CWE-401 CVE-2024-35879: In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_cha In the Linux kernel, the following vulnerability has been resolved: of: dynamic: Synchronize of_changeset_destroy() with the devlink removals In the following sequence: 1) of_platform_depopulate() 2) of_overlay_remove() During the step 1, devices are destroyed and devlinks are removed. During the step 2, OF nodes are destroyed but __of_changeset_

CVE-2024-35877 [MEDIUM] CWE-401 CVE-2024-35877: In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: fix VM_PAT handling in COW mappings PAT handling won't do the right thing in COW mappings: the first PTE (or, in fact, all PTEs) can be replaced during write faults to point at anon folios. Reliably recovering the correct PFN and cachemode using follow_phys() from PTEs

CVE-2024-35900 [MEDIUM] CVE-2024-35900: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject ne In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject new basechain after table flag update When dormant flag is toggled, hooks are disabled in the commit phase by iterating over current chains in table (existing and new). The following configuration allows for an inconsistent state: add table x add chain x y {

CVE-2024-35884 [MEDIUM] CWE-617 CVE-2024-35884: In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel G In the Linux kernel, the following vulnerability has been resolved: udp: do not accept non-tunnel GSO skbs landing in a tunnel When rx-udp-gro-forwarding is enabled UDP packets might be GROed when being forwarded. If such packets might land in a tunnel this can cause various issues and udp_gro_receive makes sure this isn't the case by looking for

CVE-2024-35930 [MEDIUM] CWE-401 CVE-2024-35930: In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() The call to lpfc_sli4_resume_rpi() in lpfc_rcv_padisc() may return an unsuccessful status. In such cases, the elsiocb is not issued, the completion is not called, and thus the elsiocb resource is leaked. Check return value

CVE-2024-35888 [MEDIUM] CWE-908 CVE-2024-35888: In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_h In the Linux kernel, the following vulnerability has been resolved: erspan: make sure erspan_base_hdr is present in skb->head syzbot reported a problem in ip6erspan_rcv() [1] Issue is that ip6erspan_rcv() (and erspan_rcv()) no longer make sure erspan_base_hdr is present in skb linear part (skb->head) before getting @ver field from it. Add the mi

CVE-2024-35947 [MEDIUM] CVE-2024-35947: In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >cont In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.

CVE-2024-35902 [MEDIUM] CWE-476 CVE-2024-35902: In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null d In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * The following call-sites pass a NULL cp argument to __rds_rdma_map() -

CVE-2024-35940 [MEDIUM] CWE-476 CVE-2024-35940: In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer In the Linux kernel, the following vulnerability has been resolved: pstore/zone: Add a null pointer check to the psz_kmsg_read kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

CVE-2024-35925 [MEDIUM] CWE-369 CVE-2024-35925: In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux Verification Center (linuxtesting.org) with Svace.

CVE-2024-35933 [MEDIUM] CWE-476 CVE-2024-35933: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null pt In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Fix null ptr deref in btintel_read_version If hci_cmd_sync_complete() is triggered and skb is NULL, then hdev->req_skb is NULL, which will cause this issue.

CVE-2024-35897 [MEDIUM] CVE-2024-35897: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard t In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both commands are combined, this results in deleting a basechain while leaving its h

CVE-2024-35899 [MEDIUM] CWE-362 CVE-2024-35899: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pen In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: flush pending destroy work before exit_net release Similar to 2c9f0293280e ("netfilter: nf_tables: flush pending destroy work before netlink notifier") to address a race between exit_net and the destroy workqueue. The trace below shows an element to be relea

CVE-2023-52699 [MEDIUM] CWE-667 CVE-2023-52699: In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() wit In the Linux kernel, the following vulnerability has been resolved: sysv: don't call sb_bread() with pointers_lock held syzbot is reporting sleep in atomic context in SysV filesystem [1], for sb_bread() is called with rw_spinlock held. A "write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock" bug and a "sb_bread() with write_lock(&poin

CVE-2024-35935 [LOW] CWE-209 CVE-2024-35935: In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref un In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel addresses.

CVE-2024-35845 [CRITICAL] CWE-134 CVE-2024-35845: In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: dbg-tlv: ensure NUL termination The iwl_fw_ini_debug_info_tlv is used as a string, so we must ensure the string is terminated correctly before using it.

CVE-2024-35854 [HIGH] CWE-416 CVE-2024-35854: In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix p In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash The rehash delayed work migrates filters from one region to another according to the number of available credits. The migrated from region is destroyed at the end of the work if the number of credits is non-negativ