Debian Linux-6.1 vulnerabilities

CVE-2024-58011 [MEDIUM] CVE-2024-58011: linux - In the Linux kernel, the following vulnerability has been resolved: platform/x8... In the Linux kernel, the following vulnerability has been resolved: platform/x86: int3472: Check for adev == NULL Not all devices have an ACPI companion fwnode, so adev might be NULL. This can e.g. (theoretically) happen when a user manually binds one of the int3472 drivers to another i2c/platform device through sysfs. Add a check for adev not being set and return -

CVE-2024-43840 [MEDIUM] CVE-2024-43840: linux - In the Linux kernel, the following vulnerability has been resolved: bpf, arm64:... In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG When BPF_TRAMP_F_CALL_ORIG is set, the trampoline calls __bpf_tramp_enter() and __bpf_tramp_exit() functions, passing them the struct bpf_tramp_image *im pointer as an argument in R0. The trampoline generation code uses emit_addr_mov_i64() to emit

CVE-2024-41066 [MEDIUM] CVE-2024-41066: linux - In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Ad... In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Add tx check to prevent skb leak Below is a summary of how the driver stores a reference to an skb during transmit: tx_buff[free_map[consumer_index]]->skb = new_skb; free_map[consumer_index] = IBMVNIC_INVALID_MAP; consumer_index ++; Where variable data looks like this: free_map == [4, IBMVN

CVE-2024-50072 [MEDIUM] CVE-2024-50072: linux - In the Linux kernel, the following vulnerability has been resolved: x86/bugs: U... In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU: 4 PID: 4610 Comm: dosemu.bin Not tainted 6.6.21-gentoo-x86 #1 Hardware name: Dell Inc. PowerE

CVE-2024-57981 [MEDIUM] CVE-2024-57981: linux - In the Linux kernel, the following vulnerability has been resolved: usb: xhci: ... In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is later aborted, when the abort completion is handled the dequeue pointer is

CVE-2024-47143 [MEDIUM] CVE-2024-47143: linux - In the Linux kernel, the following vulnerability has been resolved: dma-debug: ... In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A)

CVE-2024-45011 [MEDIUM] CVE-2024-45011: linux - In the Linux kernel, the following vulnerability has been resolved: char: xilly... In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices must have a Bulk IN and Bulk OUT endpoint at address 1. This is verified in xillyusb_setup

CVE-2024-56593 [MEDIUM] CVE-2024-56593: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmf... In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entri

CVE-2024-46716 [MEDIUM] CVE-2024-46716: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ... In the Linux kernel, the following vulnerability has been resolved: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor Remove list_del call in msgdma_chan_desc_cleanup, this should be the role of msgdma_free_descriptor. In consequence replace list_add_tail with list_move_tail in msgdma_free_descriptor. This fixes the path: msgdma_free_chan_

CVE-2024-46823 [MEDIUM] CVE-2024-46823: linux - In the Linux kernel, the following vulnerability has been resolved: kunit/overf... In the Linux kernel, the following vulnerability has been resolved: kunit/overflow: Fix UB in overflow_allocation_test The 'device_name' array doesn't exist out of the 'overflow_allocation_test' function scope. However, it is being used as a driver name when calling 'kunit_driver_create' from 'kunit_device_register'. It produces the kernel panic with KASAN enabled.

CVE-2024-46807 [MEDIUM] CVE-2024-46807: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/amd... In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: Check tbo resource pointer Validate tbo resource pointer, skip if NULL Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: open forky: resolved (fixed in 6.10.9-1) sid: resolved (fixed in 6.10.9-1) trixie: resolved (fixed in 6.10.9-1)

CVE-2024-37021 [MEDIUM] CVE-2024-37021: linux - In the Linux kernel, the following vulnerability has been resolved: fpga: manag... In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcount. This approach is problematic since it can lead to a null pointer d

CVE-2024-46720 [MEDIUM] CVE-2024-46720: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix dereference after null check check the pointer hive before use. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: open forky: resolved (fixed in 6.10.9-1) sid: resolved (fixed in 6.10.9-1) trixie: resolved (fixed in 6.10.9-1)

CVE-2024-38619 [MEDIUM] CVE-2024-38619: linux - In the Linux kernel, the following vulnerability has been resolved: usb-storage... In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). - Add a member "media_initialized" to struct alauda_info. - Change a co

CVE-2024-41030 [MEDIUM] CVE-2024-41030: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: disc... In the Linux kernel, the following vulnerability has been resolved: ksmbd: discard write access to the directory open may_open() does not allow a directory to be opened with the write access. However, some writing flags set by client result in adding write access on server, making ksmbd incompatible with FUSE file system. Simply, let's discard the write access when

CVE-2024-50110 [MEDIUM] CVE-2024-50110: linux - In the Linux kernel, the following vulnerability has been resolved: xfrm: fix o... In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvms

CVE-2024-43837 [MEDIUM] CVE-2024-43837: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix nu... In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling resolve_prog_type() anywhere will result in a null pointer dereference. Example stack tra

CVE-2024-50273 [MEDIUM] CVE-2024-50273: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: rein... In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's ref_add_list using list_del(), which leaves the ref's add_list member not reinitialized, as

CVE-2024-53215 [MEDIUM] CVE-2024-53215: linux - In the Linux kernel, the following vulnerability has been resolved: svcrdma: fi... In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC: Unregistered rdma backchannel transport module. BUG: unable to handle pag

CVE-2024-36244 [MEDIUM] CVE-2024-36244: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: extend minimum interval restriction to entire cycle too It is possible for syzbot to side-step the restriction imposed by the blamed commit in the Fixes: tag, because the taprio UAPI permits a cycle-time different from (and potentially shorter than) the sum of entry intervals. We