Debian Linux vulnerabilities

CVE-2024-26857 [MEDIUM] CWE-908 CVE-2024-26857: In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner In the Linux kernel, the following vulnerability has been resolved: geneve: make sure to pull inner header in geneve_rx() syzbot triggered a bug in geneve_rx() [1] Issue is similar to the one I fixed in commit 8d975c15c0cd ("ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()") We have to save skb->network_header in a temporary variabl

CVE-2024-26878 [MEDIUM] CWE-362 CVE-2024-26878: In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL point In the Linux kernel, the following vulnerability has been resolved: quota: Fix potential NULL pointer dereference Below race may cause NULL pointer dereference P1 P2 dquot_free_inode quota_off drop_dquot_ref remove_dquot_ref dquots = i_dquot(inode) dquots = i_dquot(inode) srcu_read_lock dquots[cnt]) != NULL (1) dquots[type] = NULL (2) spin_lock(&

CVE-2024-26862 [MEDIUM] CWE-362 CVE-2024-26862: In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races aro In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: BUG: KCSAN: data-race in dev_queue_xmit_nit / packet_setsockopt write

CVE-2024-26859 [MEDIUM] CWE-362 CVE-2024-26859: In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a In the Linux kernel, the following vulnerability has been resolved: net/bnx2x: Prevent access to a freed page in page_pool Fix race condition leading to system crash during EEH error handling During EEH error recovery, the bnx2x driver's transmit timeout logic could cause a race condition when handling reset tasks. The bnx2x_tx_timeout() schedules

CVE-2024-26889 [MEDIUM] CWE-120 CVE-2024-26889: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possib In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix possible buffer overflow struct hci_dev_info has a fixed size name[8] field so in the event that hdev->name is bigger than that strcpy would attempt to write past its size, so this fixes this problem by switching to use strscpy.

CVE-2024-26820 [MEDIUM] CVE-2024-26820: In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvs In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed If hv_netvsc driver is unloaded and reloaded, the NET_DEVICE_REGISTER handler cannot perform VF register successfully as the register call is received before netvsc_probe is finished. This is because we register register

CVE-2024-26897 [MEDIUM] CWE-362 CVE-2024-26897: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9k In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete The ath9k_wmi_event_tasklet() used in ath9k_htc assumes that all the data structures have been fully initialised by the time it runs. However, because of the order in which things are initialised, this is n

CVE-2024-26846 [MEDIUM] CWE-415 CVE-2024-26846: In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain wh In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvme_delete_ctrl and ida_destroy has been added by the initial commit. There is some log

CVE-2024-26906 [MEDIUM] CVE-2024-26906: In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to handle page fault for address: ffffffffff600000 #PF: supervisor read access in kern

CVE-2024-26870 [MEDIUM] CVE-2024-26870: In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr ker In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 A call to listxattr() with a buffer size = 0 returns the actual size of the buffer needed for a subsequent call. When size > 0, nfs4_listxattr() does not return an error because either generic_listxattr() or nfs4_listxattr_nfs4_l

CVE-2024-26877 [MEDIUM] CVE-2024-26877: In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize In the Linux kernel, the following vulnerability has been resolved: crypto: xilinx - call finalize with bh disabled When calling crypto_finalize_request, BH should be disabled to avoid triggering the following calltrace: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 74 at crypto/crypto_engine.c:58 crypto_finalize_request+0xa0/0x118 Modules lin

CVE-2024-26917 [MEDIUM] CVE-2024-26917: In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix p In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" This reverts commit 1a1975551943f681772720f639ff42fbaa746212. This commit causes interrupts to be lost for FCoE devices, since it changed sping locks from "bh" to "irqsave". Instead, a work queue should be used, and wi

CVE-2024-26863 [MEDIUM] CWE-908 CVE-2024-26863: In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in In the Linux kernel, the following vulnerability has been resolved: hsr: Fix uninit-value access in hsr_get_node() KMSAN reported the following uninit-value access issue [1]: BUG: KMSAN: uninit-value in hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 hsr_get_node+0xa2e/0xa40 net/hsr/hsr_framereg.c:246 fill_frame_info net/hsr/hsr_forward.c:577

CVE-2024-26880 [MEDIUM] CWE-476 CVE-2024-26880: In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on i In the Linux kernel, the following vulnerability has been resolved: dm: call the resume method on internal suspend There is this reported crash when experimenting with the lvm2 testsuite. The list corruption is caused by the fact that the postsuspend and resume methods were not paired correctly; there were two consecutive calls to the origin_posts

CVE-2024-26851 [MEDIUM] CWE-787 CVE-2024-26851: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: A In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(b=75) + 712 vmlinux decode_seq(bs=0xFFFFFFD008037000, f=0xFFFFFFD0080370

CVE-2024-3864 [HIGH] CWE-119 CVE-2024-3864: Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed Memory safety bug present in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9. This bug showed evidence of memory corruption and we presume that with enough effort this could have been exploited to run arbitrary code. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2022-24805 [HIGH] CWE-120 CVE-2022-24805: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the `INDEX` of `NET-SNMP-VACM-MIB` can cause an out-of-bounds memory access. A user with read-only credentials can exploit the issue. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials

CVE-2022-24810 [HIGH] CWE-476 CVE-2022-24810: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can use a malformed OID in a SET to the nsVacmAccessTable to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those

CVE-2024-3857 [HIGH] CWE-416 CVE-2024-3857: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10.

CVE-2022-24809 [MEDIUM] CWE-476 CVE-2022-24809: net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-only credentials can use a malformed OID in a `GET-NEXT` to the `nsVacmAccessTable` to cause a NULL pointer dereference. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credenti