Debian Linux vulnerabilities

CVE-2024-26981 [HIGH] CWE-129 CVE-2024-26981: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to read from the array in the same way as "(mode & S_IFMT) >>

CVE-2024-27024 [HIGH] CVE-2024-27024: In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_con In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr().

CVE-2024-26965 [HIGH] CWE-787 CVE-2024-26965: In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-msm8974: fix te In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed b

CVE-2024-26956 [HIGH] CVE-2024-26956: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect D In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submit_bh_wbc()". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one a separate patch. The first patch alone resolves the sy

CVE-2024-27065 [HIGH] CVE-2024-27065: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not co In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.

CVE-2024-27052 [HIGH] CWE-416 CVE-2024-27052: In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().

CVE-2024-26955 [HIGH] CVE-2024-26955: In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at s In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent kernel bug at submit_bh_wbc() Fix a bug where nilfs_get_block() returns a successful status when searching and inserting the specified block both fail inconsistently. If this inconsistent behavior is not due to a previously fixed bug, then an unexpected race is occurring, so

CVE-2024-27077 [MEDIUM] CWE-401 CVE-2024-27077: In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a meml In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such deallocation to prevent memleak of entity->name.

CVE-2024-26999 [MEDIUM] CWE-667 CVE-2024-26999: In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawe In the Linux kernel, the following vulnerability has been resolved: serial/pmac_zilog: Remove flawed mitigation for rx irq flood The mitigation was intended to stop the irq completely. That may be better than a hard lock-up but it turns out that you get a crash anyway if you're using pmac_zilog as a serial console: ttyPZ0: pmz: rx irq flood ! BUG

CVE-2024-26931 [MEDIUM] CWE-476 CVE-2024-26931: In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flus In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix command flush on cable pull System crash due to command failed to flush back to SCSI layer. BUG: unable to handle kernel NULL pointer dereference at 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 27 PID: 793455 Comm: kworker/u130:6 Kdump: loaded Ta

CVE-2024-26997 [MEDIUM] CWE-476 CVE-2024-26997: In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereferenc In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: host: Fix dereference issue in DDMA completion flow. Fixed variable dereference issue in DDMA completion flow.

CVE-2024-27074 [MEDIUM] CWE-401 CVE-2024-27074: In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> go7007_boot_encoder |-> go7007_load_encoder |-> kfree(go) go is freed and

CVE-2024-27038 [MEDIUM] CWE-476 CVE-2024-27038: In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dere In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get

CVE-2024-27001 [MEDIUM] CVE-2024-27001: In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or interrupt type, and current version of vmk80xx_find_usb_endpoints() function does

CVE-2024-26970 [MEDIUM] CWE-125 CVE-2024-26970: In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq6018: fix ter In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq6018: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed

CVE-2024-27044 [MEDIUM] CWE-476 CVE-2024-27044: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:

CVE-2024-26984 [MEDIUM] CWE-362 CVE-2024-26984: In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condi In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 8000000114e6e067 P4D 8000000114e6e067 PUD 1

CVE-2024-26994 [MEDIUM] CVE-2024-26994: In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very lo In the Linux kernel, the following vulnerability has been resolved: speakup: Avoid crash on very long word In case a console is set up really large and contains a really long word (> 256 characters), we have to stop before the length of the word buffer.

CVE-2024-27388 [MEDIUM] CWE-401 CVE-2024-27388: In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gs In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

CVE-2024-27030 [MEDIUM] CWE-362 CVE-2024-27030: In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate hand In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data.