Debian Linux-6.1 vulnerabilities

CVE-2024-56670 [MEDIUM] CVE-2024-56670: linux - In the Linux kernel, the following vulnerability has been resolved: usb: gadget... In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation a

CVE-2024-42090 [MEDIUM] CVE-2024-42090: linux - In the Linux kernel, the following vulnerability has been resolved: pinctrl: fi... In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() calls pinctrl_free(). However, pinctrl_free() attempts to acquire pinctrl_maps_mutex, which

CVE-2024-41076 [MEDIUM] CVE-2024-41076: linux - In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix ... In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix memory leak in nfs4_set_security_label We leak nfs_fattr and nfs4_label every time we set a security xattr. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved forky: resolved (fixed in 6.9.11-1) sid: resolved (fixed in 6.9.11-1) trixie: resolved (fixed in 6.9.11-1)

CVE-2024-56634 [MEDIUM] CVE-2024-56634: linux - In the Linux kernel, the following vulnerability has been resolved: gpio: grgpi... In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: r

CVE-2024-40977 [MEDIUM] CVE-2024-40977: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76:... In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery During chip recovery (e.g. chip reset), there is a possible situation that kernel worker reset_work is holding the lock and waiting for kernel thread stat_worker to be parked, while stat_worker is waiting for the release of the same

CVE-2024-57897 [MEDIUM] CVE-2024-57897: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd:... In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) i

CVE-2024-41036 [MEDIUM] CVE-2024-41036: linux - In the Linux kernel, the following vulnerability has been resolved: net: ks8851... In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: watchdog: BUG: soft lockup - CPU#0 stuck for 27s! call trace: queued_spin_lock_slowpath+0

CVE-2024-53196 [MEDIUM] CVE-2024-53196: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64:... In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since userspace can trivially cause a WARN in the MMIO return: WARNING: CPU:

CVE-2024-50134 [MEDIUM] CVE-2024-50134: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vboxvid... In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write error" warning: [ 13.319813] memcpy: detected field-spanning write (size 16896) of single

CVE-2024-57890 [MEDIUM] CVE-2024-57890: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs... In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_

CVE-2024-44931 [MEDIUM] CVE-2024-44931: linux - In the Linux kernel, the following vulnerability has been resolved: gpio: preve... In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an offset out of range. Offset is copied from user and then used as an array index to get the g

CVE-2024-46829 [MEDIUM] CVE-2024-46829: linux - In the Linux kernel, the following vulnerability has been resolved: rtmutex: Dr... In the Linux kernel, the following vulnerability has been resolved: rtmutex: Drop rt_mutex::wait_lock before scheduling rt_mutex_handle_deadlock() is called with rt_mutex::wait_lock held. In the good case it returns with the lock held and in the deadlock case it emits a warning and goes into an endless scheduling loop with the lock held, which triggers the 'scheduli

CVE-2024-56531 [MEDIUM] CVE-2024-56531: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq... In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upp

CVE-2024-50244 [MEDIUM] CVE-2024-50244: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: A... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ni_clear() Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to uninitialized bitmap during replay process. Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved forky: resolved (fixed in 6.11.7-1) sid: resolved (fixed in 6.11.7-1) trixie: r

CVE-2024-53190 [MEDIUM] CVE-2024-53190: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwi... In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with uevent_show() on stack trace. That specific issue was addressed by another commit [0], but even with that fix applied (for example, running v6.12-rc5) we face another type of hung tas

CVE-2024-49899 [MEDIUM] CVE-2024-49899: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominators' default to 1 [WHAT & HOW] Variables used as denominators and maybe not assigned to other values, should not be 0. Change their default to 1 so they are never 0. This fixes 10 DIVIDE_BY_ZERO issues reported by Coverity. Scope: local bookworm: resolved (fixed

CVE-2024-56562 [MEDIUM] CVE-2024-56562: linux - In the Linux kernel, the following vulnerability has been resolved: i3c: master... In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "in

CVE-2024-56623 [MEDIUM] CVE-2024-56623: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x... In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this cau

CVE-2024-46721 [MEDIUM] CVE-2024-46721: linux - In the Linux kernel, the following vulnerability has been resolved: apparmor: f... In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(..). In that case, it must return an error code and the code, -ENOENT represents its state

CVE-2024-43829 [MEDIUM] CVE-2024-43829: linux - In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Ad... In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.226-1) forky: resolved (fixed in 6.10.3-1) sid: res