Debian Linux vulnerabilities

CVE-2024-26788 [MEDIUM] CWE-908 CVE-2024-26788: In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq a In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: init irq after reg initialization Initialize the qDMA irqs after the registers are configured so that interrupts that may have been pending from a primary kernel don't get processed by the irq handler before it is ready to and cause panic with the following tr

CVE-2024-24795 [MEDIUM] CWE-113 CVE-2024-24795: HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue.

CVE-2024-26787 [MEDIUM] CVE-2024-26787: In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API o In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings aren't supported WARNING: CPU: 1 PID: 51 at kernel/dma/debug.c:568 add_dma_ent

CVE-2024-28182 [MEDIUM] CWE-770 CVE-2024-28182: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by

CVE-2024-26790 [MEDIUM] CWE-667 CVE-2024-26790: In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC ma In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read There is chip (ls1028a) errata: The SoC may hang on 16 byte unaligned read transactions by QDMA. Unaligned read transactions initiated by QDMA may stall in the NOC (Network On-Chip), causing a deadlock condition. St

CVE-2024-26808 [MEDIUM] CVE-2024-26808: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: ha In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevice remains in the hook list.

CVE-2024-26804 [MEDIUM] CWE-416 CVE-2024-26804: In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetu In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr ffff88812fb4000e by task syz-executor183/5191 [..] kasan_report+0xda/0x

CVE-2024-26781 [MEDIUM] CWE-667 CVE-2024-26781: In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible deadlock in subflow diag Syzbot and Eric reported a lockdep splat in the subflow diag: WARNING: possible circular locking dependency detected 6.8.0-rc4-syzkaller-00212-g40b9385dd8e6 #0 Not tainted syz-executor.2/24141 is trying to acquire lock: ffff8880458701

CVE-2024-26809 [MEDIUM] CVE-2024-26809: In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: rele In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: release elements in clone only from destroy path Clone already always provides a current view of the lookup table, use it to destroy the set, otherwise it is possible to destroy elements twice. This fix requires: 212ed75dc5fb ("netfilter: nf_tables: integrate

CVE-2024-26795 [MEDIUM] CVE-2024-26795: In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap ou In the Linux kernel, the following vulnerability has been resolved: riscv: Sparse-Memory/vmemmap out-of-bounds fix Offset vmemmap so that the first page of vmemmap will be mapped to the first page of physical memory in order to ensure that vmemmap’s bounds will be respected during pfn_to_page()/page_to_pfn() operations. The conversion macros will produce

CVE-2024-26753 [HIGH] CWE-787 CVE-2024-26753: In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix s In the Linux kernel, the following vulnerability has been resolved: crypto: virtio/akcipher - Fix stack overflow on memcpy sizeof(struct virtio_crypto_akcipher_session_para) is less than sizeof(struct virtio_crypto_op_ctrl_req::u), copying more bytes from stack variable leads stack overflow. Clang reports this issue by commands: make -j CC=clang-14

CVE-2023-52637 [HIGH] CWE-416 CVE-2023-52637: In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following trace was seen on affected system: BUG: KASAN: slab-use-after-free in j193

CVE-2024-26736 [HIGH] CWE-787 CVE-2024-26736: In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in af In the Linux kernel, the following vulnerability has been resolved: afs: Increase buffer size in afs_update_volume_status() The max length of volume->vid value is 20 characters. So increase idbuf[] size up to 24 to avoid overflow. Found by Linux Verification Center (linuxtesting.org) with SVACE. [DH: Actually, it's 20 + NUL, so increase it to 24 a

CVE-2024-26704 [HIGH] CWE-415 CVE-2024-26704: In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocations when moved_len is not zero. When the loop fails to exit after succes

CVE-2024-26739 [HIGH] CWE-416 CVE-2024-26739: In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't ov In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcode to SHOT. If we have called tcf_mirred_forward(), however, the skb is ou

CVE-2024-26763 [HIGH] CWE-787 CVE-2024-26763: In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data In the Linux kernel, the following vulnerability has been resolved: dm-crypt: don't modify the data when using authenticated encryption It was said that authenticated encryption could produce invalid tag when the data that is being encrypted is modified [1]. So, fix this problem by copying the data into the clone bio first and then encrypt them insi

CVE-2024-26754 [HIGH] CWE-416 CVE-2024-26754: In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and nul In the Linux kernel, the following vulnerability has been resolved: gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() The gtp_net_ops pernet operations structure for the subsystem must be registered before registering the generic netlink family. Syzkaller hit 'general protection fault in gtp_genl_dump_pdp' bug: general protection f

CVE-2024-26689 [HIGH] CWE-416 CVE-2024-26689: In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the refcount could be increment here, it was freed. In same file, in "handle_ca

CVE-2024-26733 [MEDIUM] CWE-787 CVE-2024-26733: In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_re In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpreq.arp_ha.sa_data. The arp_ha here is struct sockaddr, not struct sock

CVE-2024-26735 [MEDIUM] CWE-416 CVE-2024-26735: In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-afte In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.