Debian Linux-6.1 vulnerabilities

CVE-2024-44950 [MEDIUM] CVE-2024-44950: linux - In the Linux kernel, the following vulnerability has been resolved: serial: sc1... In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: fix invalid FIFO access with special register set When enabling access to the special register set, Receiver time-out and RHR interrupts can happen. In this case, the IRQ handler will try to read from the FIFO thru the RHR register at address 0x00, but address 0x00 is mapped to DL

CVE-2024-40957 [MEDIUM] CVE-2024-40957: linux - In the Linux kernel, the following vulnerability has been resolved: seg6: fix p... In the Linux kernel, the following vulnerability has been resolved: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors input_action_end_dx4() and input_action_end_dx6() are called NF_HOOK() for PREROUTING hook, in PREROUTING hook, we should passing a valid indev, and a NULL outdev to NF_HOOK(), otherwise may trigger a NULL pointer de

CVE-2024-56546 [MEDIUM] CVE-2024-56546: linux - In the Linux kernel, the following vulnerability has been resolved: drivers: so... In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolve

CVE-2024-40924 [MEDIUM] CVE-2024-40924: linux - In the Linux kernel, the following vulnerability has been resolved: drm/i915/dp... In the Linux kernel, the following vulnerability has been resolved: drm/i915/dpt: Make DPT object unshrinkable In some scenarios, the DPT object gets shrunk but the actual framebuffer did not and thus its still there on the DPT's vm->bound_list. Then it tries to rewrite the PTEs via a stale CPU mapping. This causes panic. [vsyrjala: Add TODO comment] (cherry picked

CVE-2024-56751 [MEDIUM] CVE-2024-56751: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: relea... In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at dst_init+0x84/0x4a0 dst_alloc+0x97/0x1

CVE-2024-57924 [MEDIUM] CVE-2024-57924: linux - In the Linux kernel, the following vulnerability has been resolved: fs: relax a... In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of f

CVE-2024-43879 [MEDIUM] CVE-2024-43879: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80... In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() Currently NL80211_RATE_INFO_HE_RU_ALLOC_2x996 is not handled in cfg80211_calculate_bitrate_he(), leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel: WARNING: CPU: 0 PID: 2312 at net/wireless/util.c:1501 cf

CVE-2024-46810 [MEDIUM] CVE-2024-46810: linux - In the Linux kernel, the following vulnerability has been resolved: drm/bridge:... In the Linux kernel, the following vulnerability has been resolved: drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ Make sure the connector is fully initialized before signalling any HPD events via drm_kms_helper_hotplug_event(), otherwise this may lead to NULL pointer dereference. Scope: local bookworm: resolved (fixed in 6.1.11

CVE-2024-49891 [MEDIUM] CVE-2024-49891: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc:... In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths When the HBA is undergoing a reset or is handling an errata event, NULL ptr dereference crashes may occur in routines such as lpfc_sli_flush_io_rings(), lpfc_dev_loss_tmo_callbk(), or lpfc_abort_handler(). Add NULL ptr che

CVE-2024-49963 [MEDIUM] CVE-2024-49963: linux - In the Linux kernel, the following vulnerability has been resolved: mailbox: bc... In the Linux kernel, the following vulnerability has been resolved: mailbox: bcm2835: Fix timeout during suspend mode During noirq suspend phase the Raspberry Pi power driver suffer of firmware property timeouts. The reason is that the IRQ of the underlying BCM2835 mailbox is disabled and rpi_firmware_property_list() will always run into a timeout [1]. Since the Vid

CVE-2024-42246 [MEDIUM] CVE-2024-42246: linux - In the Linux kernel, the following vulnerability has been resolved: net, sunrpc... In the Linux kernel, the following vulnerability has been resolved: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket When using a BPF program on kernel_connect(), the call can return -EPERM. This causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing the kernel to potentially freeze up. Neil suggested: This will

CVE-2024-49879 [MEDIUM] CVE-2024-49879: linux - In the Linux kernel, the following vulnerability has been resolved: drm: omapdr... In the Linux kernel, the following vulnerability has been resolved: drm: omapdrm: Add missing check for alloc_ordered_workqueue As it may return NULL pointer and cause NULL pointer dereference. Add check for the return value of alloc_ordered_workqueue. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixe

CVE-2024-53135 [MEDIUM] CVE-2024-53135: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: B... In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, a

CVE-2024-49875 [MEDIUM] CVE-2024-49875: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: map t... In the Linux kernel, the following vulnerability has been resolved: nfsd: map the EBADMSG to nfserr_io to avoid warning Ext4 will throw -EBADMSG through ext4_readdir when a checksum error occurs, resulting in the following WARNING. Fix it by mapping EBADMSG to nfserr_io. nfsd_buffered_readdir iterate_dir // -EBADMSG -74 ext4_readdir // .iterate_shared ext4_dx_readdi

CVE-2024-47666 [MEDIUM] CVE-2024-47666: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: pm80x... In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Set phy->enable_completion only when we wait for it pm8001_phy_control() populates the enable_completion pointer with a stack address, sends a PHY_LINK_RESET / PHY_HARD_RESET, waits 300 ms, and returns. The problem arises when a phy control response comes late. After 300 ms the pm8001_

CVE-2024-56725 [MEDIUM] CVE-2024-56725: linux - In the Linux kernel, the following vulnerability has been resolved: octeontx2-p... In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Add error pointer check after calling otx2_mbox_get_rsp(). Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved forky: resolved (fixed in 6.12.3-1) sid: resolved (fixed in 6.12.3-1) trixie: resolved (fixed in 6.12.3-1)

CVE-2024-50060 [MEDIUM] CVE-2024-50060: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring: c... In the Linux kernel, the following vulnerability has been resolved: io_uring: check if we need to reschedule during overflow flush In terms of normal application usage, this list will always be empty. And if an application does overflow a bit, it'll have a few entries. However, nothing obviously prevents syzbot from running a test case that generates a ton of overfl

CVE-2024-41088 [MEDIUM] CVE-2024-41088: linux - In the Linux kernel, the following vulnerability has been resolved: can: mcp251... In the Linux kernel, the following vulnerability has been resolved: can: mcp251xfd: fix infinite loop when xmit fails When the mcp251xfd_start_xmit() function fails, the driver stops processing messages, and the interrupt routine does not return, running indefinitely even after killing the running application. Error messages: [ 441.298819] mcp251xfd spi2.0 can0: ERR

CVE-2024-43868 [MEDIUM] CVE-2024-43868: linux - In the Linux kernel, the following vulnerability has been resolved: riscv/purga... In the Linux kernel, the following vulnerability has been resolved: riscv/purgatory: align riscv_kernel_entry When alignment handling is delegated to the kernel, everything must be word-aligned in purgatory, since the trap handler is then set to the kexec one. Without the alignment, hitting the exception would ultimately crash. On other occasions, the kernel's handl

CVE-2024-50103 [MEDIUM] CVE-2024-50103: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom:... In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred without addtional check. Add a NULL check for the returned pointer. Scope: local bookworm: