Debian Linux vulnerabilities

CVE-2024-26966 [MEDIUM] CWE-129 CVE-2024-26966: In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix te In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed

CVE-2024-26950 [MEDIUM] CWE-476 CVE-2024-26950: In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access devi In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer->device being dereferenced. It's actually easier and faster performance-wise to instead get the device from ctx->wg. This semantically makes more sense too, since

CVE-2024-26937 [MEDIUM] CWE-617 CVE-2024-26937: In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priori In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request that may complete before the preemption is processed by HW. If that happ

CVE-2024-27028 [MEDIUM] CWE-476 CVE-2024-27028: In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL point In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a check to trans->tx_buf before using it.

CVE-2024-27059 [MEDIUM] CWE-369 CVE-2024-27059: In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divid In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when creating a CDB for READ or WRITE commands. The calculation involves divisio

CVE-2024-26935 [MEDIUM] CVE-2024-26935: In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procf In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a call to scsi_proc_hostdir_rm() on scsi_remove_host(). But that led to a potenti

CVE-2024-27073 [MEDIUM] CWE-401 CVE-2024-27073: In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two fixme comment refers to such deallocations.

CVE-2024-26960 [MEDIUM] CWE-362 CVE-2024-26960: In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between free_swap_and_cache() and swapoff() There was previously a theoretical window where swapoff() could run and teardown a swap_info_struct while a call to free_swap_and_cache() was running in another thread. This could cause, amongst other bad possibilities

CVE-2024-27004 [MEDIUM] CWE-667 CVE-2024-27004: In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walk In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40eb8 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.

CVE-2024-27025 [MEDIUM] CWE-476 CVE-2024-27025: In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_st In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.

CVE-2024-27076 [MEDIUM] CWE-401 CVE-2024-27076: In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.

CVE-2023-52650 [MEDIUM] CWE-476 CVE-2023-52650: In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing che In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.

CVE-2024-26969 [MEDIUM] CWE-129 CVE-2024-26969: In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq8074: fix ter In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element. Add such entry to the end of the arrays where it is missing in order to avoid possible out-of-bound access when the table is traversed

CVE-2024-26973 [MEDIUM] CWE-908 CVE-2024-26973: In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must be a multiple of 4 so the file handle is actually 12 bytes long and th

CVE-2024-3096 [MEDIUM] CWE-20 CVE-2024-3096: In PHP  version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored w In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.

CVE-2024-26928 [HIGH] CWE-416 CVE-2024-26928: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

CVE-2022-48655 [HIGH] CWE-119 CVE-2022-48655: In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden acce In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers requests through the SCMI reset operations interface can potentially lead to out-of-bound violations if the SCMI driver misbehave. Add an internal consist

CVE-2024-26923 [MEDIUM] CWE-362 CVE-2024-26923: In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM_RIGHTS, two consecutive passes of scan_children() may see a different s

CVE-2024-26926 [MEDIUM] CVE-2024-26926: In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment In the Linux kernel, the following vulnerability has been resolved: binder: check offset alignment in binder_get_object() Commit 6d98eb95b450 ("binder: avoid potential data leakage when copying txn") introduced changes to how binder objects are copied. In doing so, it unintentionally removed an offset alignment check done through calls to binder_alloc_copy

CVE-2024-26925 [MEDIUM] CWE-667 CVE-2024-26925: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release m In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC worker could collect expired objects and get the released commit lock w