Debian Linux-6.1 vulnerabilities

CVE-2024-53081 [MEDIUM] CVE-2024-53081: linux - In the Linux kernel, the following vulnerability has been resolved: media: ar05... In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that both sides of the expression are u64. Scope: local bookworm: resolved (fix

CVE-2024-42096 [MEDIUM] CVE-2024-42096: linux - In the Linux kernel, the following vulnerability has been resolved: x86: stop p... In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions based on the stack layout that aren't necessarily valid. Basically, the code tries to accou

CVE-2024-50012 [MEDIUM] CVE-2024-50012: linux - In the Linux kernel, the following vulnerability has been resolved: cpufreq: Av... In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the va

CVE-2024-50187 [MEDIUM] CVE-2024-50187: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vc4: St... In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Stop the active perfmon before being destroyed Upon closing the file descriptor, the active performance monitor is not stopped. Although all perfmons are destroyed in `vc4_perfmon_close_file()`, the active performance monitor's pointer (`vc4->active_perfmon`) is still retained. If we open a

CVE-2024-41005 [MEDIUM] CVE-2024-41005: linux - In the Linux kernel, the following vulnerability has been resolved: netpoll: Fi... In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by interrupt on cpu 10: net_rx_action (./include/linux/netpoll.h:90 net/core/dev.c:6712 net/core/d

CVE-2024-50078 [MEDIUM] CVE-2024-50078: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes invalid, which could cause unpredictable problems later. In my case, with CONFIG_LIST_HARDENE

CVE-2024-50171 [MEDIUM] CVE-2024-50171: linux - In the Linux kernel, the following vulnerability has been resolved: net: system... In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: resolved (fixed in 5.10.234-1) forky: reso

CVE-2024-56648 [MEDIUM] CVE-2024-56648: linux - In the Linux kernel, the following vulnerability has been resolved: net: hsr: a... In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forw

CVE-2024-43875 [MEDIUM] CVE-2024-43875: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: endpoi... In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Clean up error handling in vpci_scan_bus() Smatch complains about inconsistent NULL checking in vpci_scan_bus(): drivers/pci/endpoint/functions/pci-epf-vntb.c:1024 vpci_scan_bus() error: we previously assumed 'vpci_bus' could be null (see line 1021) Instead of printing an error messag

CVE-2024-58052 [MEDIUM] CVE-2024-58052: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table The function atomctrl_get_smc_sclk_range_table() does not check the return value of smu_atom_get_data_table(). If smu_atom_get_data_table() fails to retrieve SMU_Info table, it returns NULL which is later derefer

CVE-2024-50167 [MEDIUM] CVE-2024-50167: linux - In the Linux kernel, the following vulnerability has been resolved: be2net: fix... In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.11.6-

CVE-2024-50087 [MEDIUM] CVE-2024-50087: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix ... In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corresponding buffer. Thus, it is not guaranteed that fscrypt_str.name is initialized when free

CVE-2024-56785 [MEDIUM] CVE-2024-56785: linux - In the Linux kernel, the following vulnerability has been resolved: MIPS: Loong... In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:

CVE-2024-42098 [MEDIUM] CVE-2024-42098: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: ecd... In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that the caller provides a key (or the newly generated key) which is shorter than the previous

CVE-2024-57834 [MEDIUM] CVE-2024-57834: linux - In the Linux kernel, the following vulnerability has been resolved: media: vidt... In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread syzbot report a null-ptr-deref in vidtv_mux_stop_thread. [1] If dvb->mux is not initialized successfully by vidtv_mux_init() in the vidtv_start_streaming(), it will trigger null pointer dereference about mux in vidtv_mux_stop_thread(). Adju

CVE-2024-47737 [MEDIUM] CVE-2024-47737: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: call ... In the Linux kernel, the following vulnerability has been resolved: nfsd: call cache_put if xdr_reserve_space returns NULL If not enough buffer space available, but idmap_lookup has triggered lookup_fn which calls cache_get and returns successfully. Then we missed to call cache_put here which pairs with cache_get. Reviwed-by: Jeff Layton Scope: local bookworm: resol

CVE-2024-57884 [MEDIUM] CVE-2024-57884: linux - In the Linux kernel, the following vulnerability has been resolved: mm: vmscan:... In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule

CVE-2024-44971 [MEDIUM] CVE-2024-44971: linux - In the Linux kernel, the following vulnerability has been resolved: net: dsa: b... In the Linux kernel, the following vulnerability has been resolved: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() bcm_sf2_mdio_register() calls of_phy_find_device() and then phy_device_remove() in a loop to remove existing PHY devices. of_phy_find_device() eventually calls bus_find_device(), which calls get_device() on the returned struct

CVE-2024-53100 [MEDIUM] CVE-2024-53100: linux - In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: ... In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get_address(). However, the mutex_lock() races with mutex_destroy() in nvme_tcp_free_queue(),

CVE-2024-49915 [MEDIUM] CVE-2024-49915: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw This commit addresses a potential null pointer dereference issue in the `dcn32_init_hw` function. The issue could occur when `dc->clk_mgr` is null. The fix adds a check to ensure `dc->clk_mgr` is not null before accessing its functions. Th