Debian Linux vulnerabilities

CVE-2024-27413 [MEDIUM] CVE-2024-27413: In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorre In the Linux kernel, the following vulnerability has been resolved: efi/capsule-loader: fix incorrect allocation size gcc-14 notices that the allocation with sizeof(void) on 32-bit architectures is not enough for a 64-bit phys_addr_t: drivers/firmware/efi/capsule-loader.c: In function 'efi_capsule_open': drivers/firmware/efi/capsule-loader.c:295:24: erro

CVE-2024-35796 [MEDIUM] CWE-476 CVE-2024-35796: In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_res In the Linux kernel, the following vulnerability has been resolved: net: ll_temac: platform_get_resource replaced by wrong function The function platform_get_resource was replaced with devm_platform_ioremap_resource_byname and is called using 0 as name. This eventually ends up in platform_get_resource_byname in the call stack, where it causes a n

CVE-2024-35829 [MEDIUM] CWE-401 CVE-2024-35829: In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.

CVE-2023-52683 [MEDIUM] CVE-2023-52683: In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplic In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32(). Found by Linux Verification Center (linuxtesting.org) with SVACE.

CVE-2024-35853 [MEDIUM] CWE-401 CVE-2024-35853: In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix m In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash The rehash delayed work migrates filters from one region to another. This is done by iterating over all chunks (all the filters with the same priority) in the region and in each chunk iterating over all the filters. If the m

CVE-2024-27417 [MEDIUM] CWE-401 CVE-2024-27417: In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() It seems that if userspace provides a correct IFA_TARGET_NETNSID value but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr() returns -EINVAL with an elevated "struct net" refcount.

CVE-2024-35833 [MEDIUM] CWE-401 CVE-2024-35833: In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memo In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the managed version to fix both issues.

CVE-2024-32021 [HIGH] CVE-2024-32021: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the `objects/` directory. Cloning a local repository over t

CVE-2024-4367 [HIGH] CWE-754 CVE-2024-4367: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execu A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-27395 [HIGH] CWE-416 CVE-2024-27395: In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: Fix Use-After-Free in ovs_ct_exit Since kfree_rcu, which is called in the hlist_for_each_entry_rcu traversal of ovs_ct_limit_exit, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will

CVE-2024-32004 [HIGH] CWE-114 CVE-2024-32004: Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4. As a workaround

CVE-2024-27401 [HIGH] CVE-2024-27401: In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_len In the Linux kernel, the following vulnerability has been resolved: firewire: nosy: ensure user_length is taken into account when fetching packet contents Ensure that packet_buffer_get respects the user_length provided. If the length of the head packet exceeds the user_length, packet_buffer_get will now return 0 to signify to the user that no data were read

CVE-2024-27396 [HIGH] CWE-416 CVE-2024-27396: In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in In the Linux kernel, the following vulnerability has been resolved: net: gtp: Fix Use-After-Free in gtp_dellink Since call_rcu, which is called in the hlist_for_each_entry_rcu traversal of gtp_dellink, is not part of the RCU read critical section, it is possible that the RCU grace period will pass during the traversal and the key will be free. To p

CVE-2024-32465 [HIGH] CVE-2024-32465: Git is a revision control system. The Git project recommends to avoid working in untrusted repositor Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with `git clone --no-local` to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but vulnerabilities allow those protections to be bypassed. In the contex

CVE-2024-27398 [HIGH] CWE-416 CVE-2024-27398: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free b In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection is timeout. The sock will be deallocated later, but it is dereferenced ag

CVE-2024-4777 [HIGH] CWE-787 CVE-2024-4777: Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2023-52656 [MEDIUM] CVE-2023-52656: In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related In the Linux kernel, the following vulnerability has been resolved: io_uring: drop any code related to SCM_RIGHTS This is dead code after we dropped support for passing io_uring fds over SCM_RIGHTS, get rid of it.

CVE-2024-4767 [MEDIUM] CWE-459 CVE-2024-4767: If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly If the `browser.privatebrowsing.autostart` preference is enabled, IndexedDB files were not properly deleted when the window was closed. This preference is disabled by default in Firefox. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4768 [MEDIUM] CWE-281 CVE-2024-4768: A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a us A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-27399 [MEDIUM] CWE-476 CVE-2024-27399: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr- In the Linux kernel, the following vulnerability has been resolved: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout There is a race condition between l2cap_chan_timeout() and l2cap_chan_del(). When we use l2cap_chan_del() to delete the channel, the chan->conn will be set to null. But the conn could be dereferenced again in the mutex_loc