Debian Linux-6.1 vulnerabilities

CVE-2024-50146 [MEDIUM] CVE-2024-50146: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not calling profile->cleanup in such a case. This was encountered while testing, with the origi

CVE-2024-43889 [MEDIUM] CVE-2024-43889: linux - In the Linux kernel, the following vulnerability has been resolved: padata: Fix... In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPTI [ 10.017908] CPU: 26 PID: 2627 Comm: kworker/u1666:1 Not tainted 6.10.0-15.el10.x86_64 #1 [ 1

CVE-2024-53124 [MEDIUM] CVE-2024-53124: linux - In the Linux kernel, the following vulnerability has been resolved: net: fix da... In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name:

CVE-2024-43884 [MEDIUM] CVE-2024-43884: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the function. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (fixed in 5.1

CVE-2024-46761 [MEDIUM] CVE-2024-46761: linux - In the Linux kernel, the following vulnerability has been resolved: pci/hotplug... In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because although the MSI data structure has been released during disable/hot-u

CVE-2024-50019 [MEDIUM] CVE-2024-50019: linux - In the Linux kernel, the following vulnerability has been resolved: kthread: un... In the Linux kernel, the following vulnerability has been resolved: kthread: unpark only parked kthread Calling into kthread unparking unconditionally is mostly harmless when the kthread is already unparked. The wake up is then simply ignored because the target is not in TASK_PARKED state. However if the kthread is per CPU, the wake up is preceded by a call to kthre

CVE-2024-56661 [MEDIUM] CVE-2024-56661: linux - In the Linux kernel, the following vulnerability has been resolved: tipc: fix N... In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL deref in cleanup_bearer() syzbot found [1] that after blamed commit, ub->ubsock->sk was NULL when attempting the atomic_dec() : atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count); Fix this by caching the tipc_net pointer. [1] Oops: general protection fault, probably for non-can

CVE-2024-50290 [MEDIUM] CVE-2024-50290: linux - In the Linux kernel, the following vulnerability has been resolved: media: cx24... In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that. Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved (fixed in 5.10.234-1) f

CVE-2024-49851 [MEDIUM] CVE-2024-49851: linux - In the Linux kernel, the following vulnerability has been resolved: tpm: Clean ... In the Linux kernel, the following vulnerability has been resolved: tpm: Clean up TPM space after command failure tpm_dev_transmit prepares the TPM space before attempting command transmission. However if the command fails no rollback of this preparation is done. This can result in transient handles being leaked if the device is subsequently closed with no further c

CVE-2024-40905 [MEDIUM] CVE-2024-40905: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: fix p... In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible race in __fib6_drop_pcpu_from() syzbot found a race in __fib6_drop_pcpu_from() [1] If compiler reads more than once (*ppcpu_rt), second read could read NULL, if another cpu clears the value in rt6_get_pcpu_route(). Add a READ_ONCE() to prevent this race. Also add rcu_read_lock()/r

CVE-2024-58071 [MEDIUM] CVE-2024-58071: linux - In the Linux kernel, the following vulnerability has been resolved: team: preve... In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This is not useful in practice and can lead to recursive locking: $ ip link add veth0 type veth

CVE-2024-43890 [MEDIUM] CVE-2024-43890: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: Fi... In the Linux kernel, the following vulnerability has been resolved: tracing: Fix overflow in get_free_elt() "tracing_map->next_elt" in get_free_elt() is at risk of overflowing. Once it overflows, new elements can still be inserted into the tracing_map even though the maximum number of elements (`max_elts`) has been reached. Continuing to insert elements after the ov

CVE-2024-57938 [MEDIUM] CVE-2024-57938: linux - In the Linux kernel, the following vulnerability has been resolved: net/sctp: P... In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_init() that can consequently trigger overflow. Scope: local bookworm: resolved (fixed in 6.

CVE-2024-42250 [MEDIUM] CVE-2024-42250: linux - In the Linux kernel, the following vulnerability has been resolved: cachefiles:... In the Linux kernel, the following vulnerability has been resolved: cachefiles: add missing lock protection when polling Add missing lock protection in poll routine when iterating xarray, otherwise: Even with RCU read lock held, only the slot of the radix tree is ensured to be pinned there, while the data structure (e.g. struct cachefiles_req) stored in the slot has

CVE-2024-44995 [MEDIUM] CVE-2024-44995: linux - In the Linux kernel, the following vulnerability has been resolved: net: hns3: ... In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start │ ▼ ...... setup tc │ │ ▼ ▼ DOWN: napi_disable() napi_disable()(skip) │ │ │ ▼ ▼ ...... ...... │ │ ▼ │ napi_enable() │ ▼ UINIT: netif_n

CVE-2024-41017 [MEDIUM] CVE-2024-41017: linux - In the Linux kernel, the following vulnerability has been resolved: jfs: don't ... In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.223-1) forky: resolved (fixed in 6.9.12-1) sid: resolved (fixed in 6.9.12-1) trixie

CVE-2024-41072 [MEDIUM] CVE-2024-41072: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80... In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211_wext_siwscan()', add extra check whether number of channels passed via 'ioctl(sock, SIOCSIWSCAN, ...)' doesn't exceed IW_MAX_FREQUENCIES and reject invalid request with -EINVAL otherwise. Scope: local bookworm: resolved (fixed in 6.

CVE-2024-46817 [MEDIUM] CVE-2024-46817: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 [Why] Coverity reports OVERRUN warning. Should abort amdgpu_dm initialize. [How] Return failure to amdgpu_dm_init. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (fixed in 5.10.226-1) forky: resolved

CVE-2024-56705 [MEDIUM] CVE-2024-56705: linux - In the Linux kernel, the following vulnerability has been resolved: media: atom... In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode()

CVE-2024-40915 [MEDIUM] CVE-2024-40915: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: rewr... In the Linux kernel, the following vulnerability has been resolved: riscv: rewrite __kernel_map_pages() to fix sleeping in invalid context __kernel_map_pages() is a debug function which clears the valid bit in page table entry for deallocated pages to detect illegal memory accesses to freed pages. This function set/clear the valid bit using __set_memory(). __set_mem