Debian Linux-6.1 vulnerabilities

CVE-2024-58076 [MEDIUM] CVE-2024-58076: linux - In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ... In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gcc-sm6350: Add missing parent_map for two clocks If a clk_rcg2 has a parent, it should also have parent_map defined, otherwise we'll get a NULL pointer dereference when calling clk_set_rate like the following: [ 3.388105] Call trace: [ 3.390664] qcom_find_src_index+0x3c/0x70 (P) [ 3.3953

CVE-2024-36908 [MEDIUM] CVE-2024-36908: linux - In the Linux kernel, the following vulnerability has been resolved: blk-iocost:... In the Linux kernel, the following vulnerability has been resolved: blk-iocost: do not WARN if iocg was already offlined In iocg_pay_debt(), warn is triggered if 'active_list' is empty, which is intended to confirm iocg is active when it has debt. However, warn can be triggered during a blkcg or disk removal, if iocg_waitq_timer_fn() is run at that time: WARNING: CP

CVE-2024-50116 [MEDIUM] CVE-2024-50116: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix... In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in submit_bh_wbc() may fail, causing a kernel bug. This is because the buffer delay flag is

CVE-2024-43902 [MEDIUM] CVE-2024-43902: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: open forky: resolved (fixed in 6.10.6-1) sid: resolved (fixed in

CVE-2024-56778 [MEDIUM] CVE-2024-56778: linux - In the Linux kernel, the following vulnerability has been resolved: drm/sti: av... In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: open forky: resolved

CVE-2024-42079 [MEDIUM] CVE-2024-42079: linux - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix N... In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer d

CVE-2024-49933 [MEDIUM] CVE-2024-49933: linux - In the Linux kernel, the following vulnerability has been resolved: blk_iocost:... In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is too large for 64-bit type 'u64' (aka 'unsigned long long') ... UBSAN: shift-out-of-bounds

CVE-2024-53158 [MEDIUM] CVE-2024-53158: linux - In the Linux kernel, the following vulnerability has been resolved: soc: qcom: ... In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the sta

CVE-2024-53128 [MEDIUM] CVE-2024-53128: linux - In the Linux kernel, the following vulnerability has been resolved: sched/task_... In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepa

CVE-2024-44938 [MEDIUM] CVE-2024-44938: linux - In the Linux kernel, the following vulnerability has been resolved: jfs: Fix sh... In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop directly when negative shift is found. Scope: local bookworm: resolved (fixed in 6.1.112-1) bull

CVE-2024-56755 [MEDIUM] CVE-2024-56755: linux - In the Linux kernel, the following vulnerability has been resolved: netfs/fscac... In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading

CVE-2024-42319 [MEDIUM] CVE-2024-42319: linux - In the Linux kernel, the following vulnerability has been resolved: mailbox: mt... In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei below: cmdq_mbox_shutdown mbox_free_channel mbox_controller_unregister __devm_mbox_controller_

CVE-2024-41047 [MEDIUM] CVE-2024-41047: linux - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix X... In the Linux kernel, the following vulnerability has been resolved: i40e: Fix XDP program unloading while removing the driver The commit 6533e558c650 ("i40e: Fix reset path while removing the driver") introduced a new PF state "__I40E_IN_REMOVE" to block modifying the XDP program while the driver is being removed. Unfortunately, such a change is useful only if the "

CVE-2024-53240 [MEDIUM] CVE-2024-53240: linux - In the Linux kernel, the following vulnerability has been resolved: xen/netfron... In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying

CVE-2024-40973 [MEDIUM] CVE-2024-40973: linux - In the Linux kernel, the following vulnerability has been resolved: media: mtk-... In the Linux kernel, the following vulnerability has been resolved: media: mtk-vcodec: potential null pointer deference in SCP The return value of devm_kzalloc() needs to be checked to avoid NULL pointer deference. This is similar to CVE-2022-3113. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: open forky: resolved (fixed in 6.9.7-1) sid: resolved (f

CVE-2024-56779 [MEDIUM] CVE-2024-56779: linux - In the Linux kernel, the following vulnerability has been resolved: nfsd: fix n... In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs ser

CVE-2024-40959 [MEDIUM] CVE-2024-40959: linux - In the Linux kernel, the following vulnerability has been resolved: xfrm6: chec... In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range

CVE-2024-49571 [MEDIUM] CVE-2024-49571: linux - In the Linux kernel, the following vulnerability has been resolved: net/smc: ch... In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the m

CVE-2024-42126 [MEDIUM] CVE-2024-42126: linux - In the Linux kernel, the following vulnerability has been resolved: powerpc: Av... In the Linux kernel, the following vulnerability has been resolved: powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt. nmi_enter()/nmi_exit() touches per cpu variables which can lead to kernel crash when invoked during real mode interrupt handling (e.g. early HMI/MCE interrupt handler) if percpu allocation comes from vmalloc area. Early HMI/MCE handlers are c

CVE-2024-26767 [MEDIUM] CVE-2024-26767: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fixed integer types and null check locations [why]: issues fixed: - comparison with wider integer type in loop condition which can cause infinite loops - pointer dereference before null check Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: resolved forky: resolved (fi