Debian Linux vulnerabilities

CVE-2024-26924 [MEDIUM] CWE-476 CVE-2024-26924: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do n In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... add_elem("0000000X") timeout 100 ms del_elem("0000000X") <---------------- delet

CVE-2024-28130 [HIGH] CWE-704 CVE-2024-28130: An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage func An incorrect type conversion vulnerability exists in the DVPSSoftcopyVOI_PList::createFromImage functionality of OFFIS DCMTK 3.6.8. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2024-26922 [MEDIUM] CVE-2024-26922: In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parame In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.

CVE-2024-2961 [HIGH] CWE-787 CVE-2024-2961: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer pas The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

CVE-2023-52642 [HIGH] CWE-862 CVE-2023-52642: In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach re In the Linux kernel, the following vulnerability has been resolved: media: rc: bpf attach/detach requires write permission Note that bpf attach/detach also requires CAP_NET_ADMIN.

CVE-2024-26852 [HIGH] CWE-416 CVE-2024-26852: In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") was not able to fix the root cause. We need to defer the fib6_info_releas

CVE-2024-26872 [HIGH] CWE-416 CVE-2024-26872: In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register even In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Do not register event handler until srpt device is fully setup Upon rare occasions, KASAN reports a use-after-free Write in srpt_refresh_port(). This seems to be because an event handler is registered before the srpt device is fully setup and a race condition upon error

CVE-2024-26895 [HIGH] CWE-416 CVE-2024-26895: In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-aft In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces wilc_netdev_cleanup currently triggers a KASAN warning, which can be observed on interface registration error path, or simply by removing the module/unbinding device from driver: echo spi0.1 > /sys/bus/sp

CVE-2024-26883 [HIGH] CWE-119 CVE-2024-26883: In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow chec In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stackmap overflow check on 32-bit arches The stackmap code relies on roundup_pow_of_two() to compute the number of hash buckets, and contains an overflow check by checking if the resulting value is 0. However, on 32-bit arches, the roundup code itself can overflow by doing

CVE-2024-26825 [MEDIUM] CWE-459 CVE-2024-26825: In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassemb In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free rx_data_reassembly skb on NCI device cleanup rx_data_reassembly skb is stored during NCI data exchange for processing fragmented packets. It is dropped only when the last fragment is processed or when an NTF packet with NCI_OP_RF_DEACTIVATE_NTF opcode is received. H

CVE-2023-52644 [MEDIUM] CVE-2023-52644: In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct qu In the Linux kernel, the following vulnerability has been resolved: wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled When QoS is disabled, the queue priority value will not map to the correct ieee80211 queue since there is only one queue. Stop/wake queue 0 when QoS is disabled to prevent trying to stop/wake a non-existent queue and f

CVE-2024-26861 [MEDIUM] CWE-362 CVE-2024-26861: In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate da In the Linux kernel, the following vulnerability has been resolved: wireguard: receive: annotate data-race around receiving_counter.counter Syzkaller with KCSAN identified a data-race issue when accessing keypair->receiving_counter.counter. Use READ_ONCE() and WRITE_ONCE() annotations to mark the data race as intentional. BUG: KCSAN: data-race in

CVE-2024-26845 [MEDIUM] CVE-2024-26845: In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Add TMF to tmr_list handling An abort that is responded to by iSCSI itself is added to tmr_list but does not go to target core. A LUN_RESET that goes through tmr_list takes a refcounter on the abort and waits for completion. However, the abort will be never complete bec

CVE-2024-26843 [MEDIUM] CWE-787 CVE-2024-26843: In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential ove In the Linux kernel, the following vulnerability has been resolved: efi: runtime: Fix potential overflow of soft-reserved region size md_size will have been narrowed if we have >= 4GB worth of pages in a soft-reserved region.

CVE-2024-26855 [MEDIUM] CWE-476 CVE-2024-26855: In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL po In the Linux kernel, the following vulnerability has been resolved: net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() The function ice_bridge_setlink() may encounter a NULL pointer dereference if nlmsg_find_attr() returns NULL and br_spec is dereferenced subsequently in nla_for_each_nested(). To address this issue, add a che

CVE-2024-26839 [MEDIUM] CWE-401 CVE-2024-26839: In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_ In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix a memleak in init_credit_return When dma_alloc_coherent fails to allocate dd->cr_base[i].va, init_credit_return should deallocate dd->cr_base and dd->cr_base[i] that allocated before. Or those resources would be never freed and a memleak is triggered.

CVE-2024-26833 [MEDIUM] CWE-401 CVE-2024-26833: In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory lea In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak in dm_sw_fini() After destroying dmub_srv, the memory associated with it is not freed, causing a memory leak: unreferenced object 0xffff896302b45800 (size 1024): comm "(udev-worker)", pid 222, jiffies 4294894636 hex dump (first 32 bytes): 00 00 00

CVE-2024-26874 [MEDIUM] CWE-476 CVE-2024-26874: In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointe In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip It's possible that mtk_crtc->event is NULL in mtk_drm_crtc_finish_page_flip(). pending_needs_vblank value is set by mtk_crtc->event, but in mtk_drm_crtc_atomic_flush(), it's is not guarded by the same lock in

CVE-2024-26835 [MEDIUM] CVE-2024-26835: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dorma In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a table marked as active but no registered hooks. On table/base chain deletion, nf

CVE-2024-26894 [MEDIUM] CWE-770 CVE-2024-26894: In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memor In the Linux kernel, the following vulnerability has been resolved: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() After unregistering the CPU idle device, the memory associated with it is not freed, leading to a memory leak: unreferenced object 0xffff896282f6c000 (size 1024): comm "swapper/0", pid 1, jiffies 4294893170 hex