Debian Linux vulnerabilities

CVE-2024-26712 [MEDIUM] CVE-2024-26712: In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error c In the Linux kernel, the following vulnerability has been resolved: powerpc/kasan: Fix addr error caused by page alignment In kasan_init_region, when k_start is not page aligned, at the begin of for loop, k_cur = k_start & PAGE_MASK is less than k_start, and then `va = block + k_cur - k_start` is less than block, the addr va is invalid, because the memory

CVE-2024-26778 [MEDIUM] CVE-2024-26778: In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pix In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Error out if pixclock equals zero The userspace program could pass any values to the driver through ioctl() interface. If the driver doesn't check the value of pixclock, it may cause divide-by-zero error. Although pixclock is checked in savagefb_decode_var(), but it is not

CVE-2024-28219 [MEDIUM] CWE-680 CVE-2024-28219: In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of In _imagingcms.c in Pillow before 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy.

CVE-2024-26743 [MEDIUM] CWE-770 CVE-2024-26743: In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user In the Linux kernel, the following vulnerability has been resolved: RDMA/qedr: Fix qedr_create_user_qp error flow Avoid the following warning by making sure to free the allocated resources in case that qedr_init_user_queue() fail. -----------[ cut here ]----------- WARNING: CPU: 0 PID: 143192 at drivers/infiniband/core/rdma_core.c:874 uverbs_dest

CVE-2024-26695 [MEDIUM] CWE-476 CVE-2024-26695: In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked The SEV platform device can be shutdown with a null psp_master, e.g., using DEBUG_TEST_DRIVER_REMOVE. Found using KASAN: [ 137.148210] ccp 0000:23:00.1: enabling device (0000 -> 0002) [ 137.162647] ccp 00

CVE-2024-26698 [MEDIUM] CWE-362 CVE-2024-26698: In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition b In the Linux kernel, the following vulnerability has been resolved: hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove In commit ac5047671758 ("hv_netvsc: Disable NAPI before closing the VMBus channel"), napi_disable was getting called for all channels, including all subchannels without confirming if they are enabled or not. Thi

CVE-2024-26727 [MEDIUM] CWE-617 CVE-2024-26727: In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the n In the Linux kernel, the following vulnerability has been resolved: btrfs: do not ASSERT() if the newly created subvolume already got read [BUG] There is a syzbot crash, triggered by the ASSERT() during subvolume creation: assertion failed: !anon_dev, in fs/btrfs/disk-io.c:1319 ------------[ cut here ]------------ kernel BUG at fs/btrfs/disk-io.c

CVE-2024-26752 [MEDIUM] CWE-131 CVE-2024-26752: In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message leng In the Linux kernel, the following vulnerability has been resolved: l2tp: pass correct message length to ip6_append_data l2tp_ip6_sendmsg needs to avoid accounting for the transport header twice when splicing more data into an already partially-occupied skbuff. To manage this, we check whether the skbuff contains data using skb_queue_empty when d

CVE-2024-26779 [MEDIUM] CWE-362 CVE-2024-26779: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condit In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix race condition on enabling fast-xmit fast-xmit must only be enabled after the sta has been uploaded to the driver, otherwise it could end up passing the not-yet-uploaded sta via drv_tx calls to the driver, leading to potential crashes because of uninitialized d

CVE-2024-26771 [MEDIUM] CWE-476 CVE-2024-26771: In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some n In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Add some null pointer checks to the edma_probe devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity.

CVE-2024-26707 [MEDIUM] CWE-770 CVE-2024-26707: In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in In the Linux kernel, the following vulnerability has been resolved: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() Syzkaller reported [1] hitting a warning after failing to allocate resources for skb in hsr_init_skb(). Since a WARN_ONCE() call will not help much in this case, it might be prudent to switch to netdev_warn_once(). At th

CVE-2024-26744 [MEDIUM] CWE-476 CVE-2024-26744: In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying t In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module triggers the following kernel crash: BUG: kernel NULL pointer dereference,

CVE-2024-26697 [MEDIUM] CWE-787 CVE-2024-26697: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfs_recovery_copy_block() of nilfs_recovery_dsync_blocks(), which recovers data from logs created by data sync writes during a mount after an unclean shutdown, incorrectly calculates the

CVE-2024-26776 [MEDIUM] CWE-476 CVE-2024-26776: In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_ In the Linux kernel, the following vulnerability has been resolved: spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected Return IRQ_NONE from the interrupt handler when no interrupt was detected. Because an empty interrupt will cause a null pointer error: Unable to handle kernel NULL pointer dereference at virtual address 0000000000

CVE-2024-26702 [MEDIUM] CWE-125 CVE-2024-26702: In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add In the Linux kernel, the following vulnerability has been resolved: iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC Recently, we encounter kernel crash in function rm3100_common_probe caused by out of bound access of array rm3100_samp_rates (because of underlying hardware failures). Add boundary check to preven

CVE-2024-26772 [MEDIUM] CVE-2024-26772: In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks f In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group with a corrupted block bitmap.

CVE-2024-26751 [MEDIUM] CVE-2024-26751: In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to In the Linux kernel, the following vulnerability has been resolved: ARM: ep93xx: Add terminator to gpiod_lookup_table Without the terminator, if a con_id is passed to gpio_find() that does not exist in the lookup table the function will not stop looping correctly, and eventually cause an oops.

CVE-2024-26688 [MEDIUM] CWE-476 CVE-2024-26688: In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer de In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigning NULL to ctx->hstate in hugetlbfs_parse_param() when the requested pa

CVE-2024-26687 [MEDIUM] CWE-459 CVE-2024-26687: In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being taking. The lock order, however, is first irq_mapping_update_lock and the

CVE-2024-26696 [MEDIUM] CWE-667 CVE-2024-26696: In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_looku In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() Syzbot reported a hang issue in migrate_pages_batch() called by mbind() and nilfs_lookup_dirty_data_buffers() called in the log writer of nilfs2. While migrate_pages_batch() locks a folio and waits for the writeback to complet