Debian Linux vulnerabilities
9,911 known vulnerabilities affecting debian/debian_linux.
Total CVEs: 9,911
CISA KEV: 119 (actively exploited)
Public exploits: 429
Exploited in wild: 132
Severity breakdown: CRITICAL 1128, HIGH 4110, MEDIUM 4311, LOW 362
Vulnerabilities
Page 45 of 496
CVE-2024-3044 | MEDIUM | CVSS 6.5 | v10.0 | 2024-05-14 | CWE-356
Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted.
nvd
CVE-2024-4769 | MEDIUM | CVSS 5.9 | v10.0 | 2024-05-14 | CWE-351
When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
nvd
CVE-2024-34397 | MEDIUM | CVSS 5.2 | v10.0 | 2024-05-07 | CWE-290
An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based client will wrongly interpret as having been sent by
nvd
CVE-2024-34069 | HIGH | CVSS 7.5 | PoC | v11.0 | 2024-05-06 | CWE-352
Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, and enter the debugger PIN, but if they are successful it
nvd
CVE-2024-33602 | HIGH | CVSS 7.4 | v10.0 | 2024-05-06 | CWE-466
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
nvd
CVE-2024-33601 | HIGH | CVSS 7.3 | v10.0 | 2024-05-06 | CWE-617
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
nvd
CVE-2024-33599 | HIGH | CVSS 8.1 | v10.0 | 2024-05-06 | CWE-121
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in t
nvd
CVE-2024-33600 | MEDIUM | CVSS 5.9 | v10.0 | 2024-05-06 | CWE-476
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
nvd
CVE-2024-34509 | MEDIUM | CVSS 5.3 | v10.0 | 2024-05-05
dcmdata in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
nvd
CVE-2024-34508 | MEDIUM | CVSS 4.3 | v10.0 | 2024-05-05 | CWE-476
dcmnet in DCMTK before 3.6.9 has a segmentation fault via an invalid DIMSE message.
nvd
CVE-2024-27053 | CRITICAL | CVSS 9.1 | v10.0 | 2024-05-01 | CWE-476
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix RCU usage in connect path
With lockdep enabled, calls to the connect function from cfg802.11 layer
lead to the following warning:
WARNING: suspicious RCU usage
6.7.0-rc1-wt+ #333 Not tainted
drivers/net/wireless/microchip/wilc1000/hif.c:386
suspicious rcu_de
nvd
CVE-2024-26988 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01 | CWE-787
In the Linux kernel, the following vulnerability has been resolved:
init/main.c: Fix potential static_command_line memory overflow
We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for
static_command_line, but the strings copied into static_command_line are
extra_command_line and command_line, rather than extra_command_line and
boot_
nvd
CVE-2024-26958 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01 | CWE-416
In the Linux kernel, the following vulnerability has been resolved:
nfs: fix UAF in direct writes
In production we have been hitting the following warning consistently
------------[ cut here ]------------
refcount_t: underflow; use-after-free.
WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28 refcount_warn_saturate+0x9c/0xe0
Workqueue: nfsiod nfs_di
nvd
CVE-2024-27000 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01
In the Linux kernel, the following vulnerability has been resolved:
serial: mxs-auart: add spinlock around changing cts state
The uart_handle_cts_change() function in serial_core expects the caller
to hold uport->lock. For example, I have seen the below kernel splat,
when the Bluetooth driver is loaded on an i.MX28 board.
[ 85.119255] ------------[ cut her
nvd
CVE-2024-27008 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01 | CWE-125
In the Linux kernel, the following vulnerability has been resolved:
drm: nv04: Fix out of bounds access
When Output Resource (dcb->or) value is assigned in
fabricate_dcb_output(), there may be out of bounds access to
dac_users array in case dcb->or is zero because ffs(dcb->or) is
used as index there.
The 'or' argument of fabricate_dcb_output() must
nvd
CVE-2024-26957 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01 | CWE-416
In the Linux kernel, the following vulnerability has been resolved:
s390/zcrypt: fix reference counting on zcrypt card objects
Tests with hot-plugging crypto cards on KVM guests with debug
kernel build revealed a use after free for the load field of
the struct zcrypt_card. The reason was an incorrect reference
handling of the zcrypt card object whi
nvd
CVE-2024-26951 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01 | CWE-416
In the Linux kernel, the following vulnerability has been resolved:
wireguard: netlink: check for dangling peer via is_dead instead of empty list
If all peers are removed via wg_peer_remove_all(), rather than setting
peer_list to empty, the peer is added to a temporary list with a head on
the stack of wg_peer_remove_all(). If a netlink dump is resum
nvd
CVE-2024-26974 | HIGH | CVSS 7.0 | v10.0 | 2024-05-01 | CWE-367
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - resolve race condition during AER recovery
During the PCI AER system's error recovery process, the kernel driver
may encounter a race condition with freeing the reset_data structure's
memory. If the device restart will take more than 10 seconds the function
scheduling
nvd
CVE-2024-26976 | HIGH | CVSS 7.0 | v10.0 | 2024-05-01 | CWE-400
In the Linux kernel, the following vulnerability has been resolved:
KVM: Always flush async #PF workqueue when vCPU is being destroyed
Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its
completion queue, e.g. when a VM and all its vCPUs are being destroyed.
KVM must ensure that none of its workqueue callbacks is running when th
nvd
CVE-2024-27075 | HIGH | CVSS 7.8 | v10.0 | 2024-05-01
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-frontends: avoid stack overflow warnings with clang
A previous patch worked around a KASAN issue in stv0367, now a similar
problem showed up with clang:
drivers/media/dvb-frontends/stv0367.c:1222:12: error: stack frame size (3624) exceeds limit (2048) in 'stv0367ter_set_frontend
nvd