Debian Linux vulnerabilities

CVE-2024-27419 [MEDIUM] CWE-362 CVE-2024-27419: In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around s In the Linux kernel, the following vulnerability has been resolved: netrom: Fix data-races around sysctl_net_busy_read We need to protect the reader reading the sysctl value because the value can be changed concurrently.

CVE-2024-35821 [MEDIUM] CWE-772 CVE-2024-35821: In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the In the Linux kernel, the following vulnerability has been resolved: ubifs: Set page uptodate in the correct place Page cache reads are lockless, so setting the freshly allocated page uptodate before we've overwritten it with the data it's supposed to have in it will allow a simultaneous reader to see old data. Move the call to SetPageUptodate into

CVE-2023-52670 [MEDIUM] CWE-401 CVE-2023-52670: In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_over In the Linux kernel, the following vulnerability has been resolved: rpmsg: virtio: Free driver_override when rpmsg_remove() Free driver_override when rpmsg_remove(), otherwise the following memory leak will occur: unreferenced object 0xffff0000d55d7080 (size 128): comm "kworker/u8:2", pid 56, jiffies 4294893188 (age 214.272s) hex dump (first 32 b

CVE-2024-35823 [MEDIUM] CWE-120 CVE-2024-35823: In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corrupti In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). The cure is also the same i.e. replace memcpy() with memmove() due to t

CVE-2023-52690 [MEDIUM] CWE-476 CVE-2023-52690: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null poi In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to avoid memory leaks.

CVE-2024-35822 [MEDIUM] CVE-2024-35822: In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when q In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usb_ep_queue+0x7c/0x104 pc : usb_ep_queue+0x7c/0x104 lr : fsg_main_thread+0x494/0x1b3c Root cause is ma

CVE-2023-52694 [MEDIUM] CVE-2023-52694: In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop bug In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function With tpd12s015_remove() marked with __exit this function is discarded when the driver is compiled as a built-in. The result is that when the driver unbinds there is no cleanup done which results in resource leakage or

CVE-2024-35807 [MEDIUM] CVE-2024-35807: In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on- In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by mke2fs. The issue can be reproduced on a smaller file system

CVE-2024-35848 [MEDIUM] CWE-362 CVE-2024-35848: In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corrup In the Linux kernel, the following vulnerability has been resolved: eeprom: at24: fix memory corruption race condition If the eeprom is not accessible, an nvmem device will be registered, the read will fail, and the device will be torn down. If another driver accesses the nvmem device after the teardown, it will reference invalid memory. Move the

CVE-2024-27412 [MEDIUM] CVE-2024-27412: In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do In the Linux kernel, the following vulnerability has been resolved: power: supply: bq27xxx-i2c: Do not free non existing IRQ The bq27xxx i2c-client may not have an IRQ, in which case client->irq will be 0. bq27xxx_battery_i2c_probe() already has an if (client->irq) check wrapping the request_threaded_irq(). But bq27xxx_battery_i2c_remove() unconditionally

CVE-2024-35835 [MEDIUM] CWE-415 CVE-2024-35835: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_groups, will hold this error and call to mlx5e_destroy_flow_table, in which

CVE-2024-27436 [MEDIUM] CWE-787 CVE-2024-27436: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing c In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Stop parsing channels bits when all channels are found. If a usb audio device sets more bits than the amount of channels it could write outside of the map array.

CVE-2024-27410 [MEDIUM] CVE-2024-27410: In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype ch In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: reject iftype change with mesh ID change It's currently possible to change the mesh ID when the interface isn't yet in mesh mode, at the same time as changing it into mesh mode. This leads to an overwrite of data in the wdev->u union for the interface type it currently has,

CVE-2024-35837 [MEDIUM] CVE-2024-35837: In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool befor In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue.

CVE-2024-35830 [MEDIUM] CVE-2024-35830: In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.

CVE-2023-52686 [MEDIUM] CWE-476 CVE-2023-52686: In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null poi In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.

CVE-2024-27414 [MEDIUM] CVE-2024-27414: In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of I In the Linux kernel, the following vulnerability has been resolved: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back In the commit d73ef2d69c0d ("rtnetlink: let rtnl_bridge_setlink checks IFLA_BRIDGE_MODE length"), an adjustment was made to the old loop logic in the function `rtnl_bridge_setlink` to enable the loop to also check the length of

CVE-2024-35819 [MEDIUM] CVE-2024-35819: In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlo In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Use raw spinlock for cgr_lock smp_call_function always runs its callback in hard IRQ context, even on PREEMPT_RT, where spinlocks can sleep. So we need to use a raw spinlock for cgr_lock to ensure we aren't waiting on a sleeping task. Although this bug has existed for a

CVE-2024-35825 [MEDIUM] CVE-2024-35825: In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval of 5-10 seconds sometimes and have block length zero but still contain 1-2 vali

CVE-2023-52693 [MEDIUM] CVE-2023-52693: In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error wh In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_get_parent), this can lead to incorrect (uninitialized) acpi_parent handle bein