Debian Linux-6.1 vulnerabilities

CVE-2024-43831 [MEDIUM] CVE-2024-43831: linux - In the Linux kernel, the following vulnerability has been resolved: media: medi... In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: open forky: resolved (fixed in 6.10.3-1) sid: resolved (fixed in 6.10.3-1) trixie: resol

CVE-2024-50182 [MEDIUM] CVE-2024-50182: linux - In the Linux kernel, the following vulnerability has been resolved: secretmem: ... In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not present can only be done if the direct map is set up at 4k granu

CVE-2024-40990 [MEDIUM] CVE-2024-40990: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Add check for srq max_sge attribute max_sge attribute is passed by the user, and is inserted and used unchecked, so verify that the value doesn't exceed maximum allowed value before using it. Scope: local bookworm: resolved (fixed in 6.1.99-1) bullseye: resolved (fixed in 5.10.221-1) fork

CVE-2024-57977 [MEDIUM] CVE-2024-57977: linux - In the Linux kernel, the following vulnerability has been resolved: memcg: fix ... In the Linux kernel, the following vulnerability has been resolved: memcg: fix soft lockup in the OOM process A soft lockup issue was found in the product with about 56,000 tasks were in the OOM cgroup, it was traversing them when the soft lockup was triggered. watchdog: BUG: soft lockup - CPU#2 stuck for 23s! [VM Thread:1503066] CPU: 2 PID: 1503066 Comm: VM Thread

CVE-2024-57931 [MEDIUM] CVE-2024-57931: linux - In the Linux kernel, the following vulnerability has been resolved: selinux: ig... In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels. Scope: local bookworm: resolved (fixed in 6.1.124-1) bullseye: reso

CVE-2024-50008 [MEDIUM] CVE-2024-50008: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mwifi... In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() Replace one-element array with a flexible-array member in `struct host_cmd_ds_802_11_scan_ext`. With this, fix the following warning: elo 16 17:51:58 surfacebook kernel: ------------[ cut here ]------------ elo

CVE-2024-57903 [MEDIUM] CVE-2024-57903: linux - In the Linux kernel, the following vulnerability has been resolved: net: restri... In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP,

CVE-2024-46755 [MEDIUM] CVE-2024-46755: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mwifi... In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually currently in use. Unused priv pointers do not have a wiphy attached to them which can lead to

CVE-2024-41095 [MEDIUM] CVE-2024-41095: linux - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau... In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes In nv17_tv_get_ld_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Scope: local bookwo

CVE-2024-38553 [MEDIUM] CVE-2024-38553: linux - In the Linux kernel, the following vulnerability has been resolved: net: fec: r... In the Linux kernel, the following vulnerability has been resolved: net: fec: remove .ndo_poll_controller to avoid deadlocks There is a deadlock issue found in sungem driver, please refer to the commit ac0a230f719b ("eth: sungem: remove .ndo_poll_controller to avoid deadlocks"). The root cause of the issue is that netpoll is in atomic context and disable_irq() is ca

CVE-2024-43849 [MEDIUM] CVE-2024-43849: linux - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ... In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of those fields under the main pdr->lock. Scope: local bookworm: resolved (fixed in 6.1.106-1) b

CVE-2024-44944 [MEDIUM] CVE-2024-44944: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use helper function to calculate expect ID Delete expectation path is missing a call to the nf_expect_get_id() helper function to calculate the expectation ID, otherwise LSB of the expectation object address is leaked to userspace. Scope: local bookworm: resolved (fixed in 6.1.

CVE-2024-49898 [MEDIUM] CVE-2024-49898: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null-initialized variables [WHAT & HOW] drr_timing and subvp_pipe are initialized to null and they are not always assigned new values. It is necessary to check for null before dereferencing. This fixes 2 FORWARD_NULL issues reported by Coverity. Scope: local bookworm: resolved

CVE-2024-41060 [MEDIUM] CVE-2024-41060: linux - In the Linux kernel, the following vulnerability has been resolved: drm/radeon:... In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.9.11-1) sid: reso

CVE-2024-49850 [MEDIUM] CVE-2024-49850: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: correc... In the Linux kernel, the following vulnerability has been resolved: bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos In case of malformed relocation record of kind BPF_CORE_TYPE_ID_LOCAL referencing a non-existing BTF type, function bpf_core_calc_relo_insn would cause a null pointer deference. Fix this by adding a proper check upper in call stack, as mal

CVE-2024-56578 [MEDIUM] CVE-2024-56578: linux - In the Linux kernel, the following vulnerability has been resolved: media: imx-... In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved forky: res

CVE-2024-42321 [MEDIUM] CVE-2024-42321: linux - In the Linux kernel, the following vulnerability has been resolved: net: flow_d... In the Linux kernel, the following vulnerability has been resolved: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE The following splat is easy to reproduce upstream as well as in -stable kernels. Florian Westphal provided the following commit: d1dab4f71d37 ("net: add and use __skb_get_hash_symmetric_net") but this complementary fix has been also suggested by Willem

CVE-2024-50272 [MEDIUM] CVE-2024-50272: linux - In the Linux kernel, the following vulnerability has been resolved: filemap: Fi... In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop. This behaviour was discovered when testing xfstest

CVE-2024-56532 [MEDIUM] CVE-2024-56532: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: us122... In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the up

CVE-2024-26656 [MEDIUM] CVE-2024-26656: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo Jung . For example the following code: static void Syzkaller1(int fd) { struct drm_amdgpu_g