Debian Linux-6.1 vulnerabilities

CVE-2024-50049 [MEDIUM] CVE-2024-50049: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check null pointer before dereferencing se [WHAT & HOW] se is null checked previously in the same function, indicating it might be null; therefore, it must be checked when used again. This fixes 1 FORWARD_NULL issue reported by Coverity. Scope: local bookworm: resolved (fixed in 6.1

CVE-2024-56587 [MEDIUM] CVE-2024-56587: linux - In the Linux kernel, the following vulnerability has been resolved: leds: class... In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer is

CVE-2024-50233 [MEDIUM] CVE-2024-50233: linux - In the Linux kernel, the following vulnerability has been resolved: staging: ii... In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() In the ad9832_write_frequency() function, clk_get_rate() might return 0. This can lead to a division by zero when calling ad9832_calc_freqreg(). The check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect against

CVE-2024-47673 [MEDIUM] CVE-2024-47673: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwi... In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped Not doing so will make us send a host command to the transport while the firmware is not alive, which will trigger a WARNING. bad state = 0 WARNING: CPU: 2 PID: 17434 at drivers/net/wireless/intel/iwlwifi/iwl-trans.c:115 iwl_trans_send_cmd+0

CVE-2024-56728 [MEDIUM] CVE-2024-56728: linux - In the Linux kernel, the following vulnerability has been resolved: octeontx2-p... In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Add error pointer check after calling otx2_mbox_get_rsp(). Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.12.3-1) sid: resolved (fixed in 6.12.3-1) trixie: resol

CVE-2024-36476 [MEDIUM] CVE-2024-36476: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: ... In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibil

CVE-2024-46770 [MEDIUM] CVE-2024-46770: linux - In the Linux kernel, the following vulnerability has been resolved: ice: Add ne... In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL pointer dereference seen below. Reproduction steps: Once the driver is fully initialized, trigg

CVE-2024-36927 [MEDIUM] CVE-2024-36927: linux - In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix u... In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix uninit-value access in __ip_make_skb() KMSAN reported uninit-value access in __ip_make_skb() [1]. __ip_make_skb() tests HDRINCL to know if the skb has icmphdr. However, HDRINCL can cause a race condition. If calling setsockopt(2) with IP_HDRINCL changes HDRINCL while __ip_make_skb() is run

CVE-2024-40961 [MEDIUM] CVE-2024-40961: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: preve... In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL deref in fib6_nh_init() syzbot reminds us that in6_dev_get() can return NULL. fib6_nh_init() ip6_validate_gw( &idev ) ip6_route_check_nh( idev ) *idev = in6_dev_get(dev); // can be NULL Oops: general protection fault, probably for non-canonical address 0xdffffc00000000bc:

CVE-2024-47663 [MEDIUM] CVE-2024-47663: linux - In the Linux kernel, the following vulnerability has been resolved: staging: ii... In the Linux kernel, the following vulnerability has been resolved: staging: iio: frequency: ad9834: Validate frequency parameter value In ad9834_write_frequency() clk_get_rate() can return 0. In such case ad9834_calc_freqreg() call will lead to division by zero. Checking 'if (fout > (clk_freq / 2))' doesn't protect in case of 'fout' is 0. ad9834_write_frequency() i

CVE-2024-49938 [MEDIUM] CVE-2024-49938: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k... In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths. The intent here is clearly just to reset the length to zero before resubmitting, so switch

CVE-2024-50218 [MEDIUM] CVE-2024-50218: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass... In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow Syzbot reported a kernel BUG in ocfs2_truncate_inline. There are two reasons for this: first, the parameter value passed is greater than ocfs2_max_inline_data_with_xattr, second, the start and end parameters of ocfs2_truncate_inline are "unsign

CVE-2024-53101 [MEDIUM] CVE-2024-53101: linux - In the Linux kernel, the following vulnerability has been resolved: fs: Fix uni... In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_

CVE-2024-35943 [MEDIUM] CVE-2024-35943: linux - In the Linux kernel, the following vulnerability has been resolved: pmdomain: t... In the Linux kernel, the following vulnerability has been resolved: pmdomain: ti: Add a null pointer check to the omap_prm_domain_init devm_kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the pointer validity. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye:

CVE-2024-40953 [MEDIUM] CVE-2024-40953: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a ... In the Linux kernel, the following vulnerability has been resolved: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() Use {READ,WRITE}_ONCE() to access kvm->last_boosted_vcpu to ensure the loads and stores are atomic. In the extremely unlikely scenario the compiler tears the stores, it's theoretically possible for KVM to attempt to get a vCPU using an

CVE-2024-42274 [MEDIUM] CVE-2024-42274: linux - In the Linux kernel, the following vulnerability has been resolved: Revert "ALS... In the Linux kernel, the following vulnerability has been resolved: Revert "ALSA: firewire-lib: operate for period elapse event in process context" Commit 7ba5ca32fe6e ("ALSA: firewire-lib: operate for period elapse event in process context") removed the process context workqueue from amdtp_domain_stream_pcm_pointer() and update_pcm_pointers() to remove its overhead

CVE-2024-45022 [MEDIUM] CVE-2024-45022: linux - In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc:... In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 The __vmap_pages_range_noflush() assumes its argument pages** contains pages with the same page shift. However, since commit e9c3cda4d86e ("mm, vmalloc: fix high order __GFP_NOFAIL allocations"), if gfp_flags i

CVE-2024-50255 [MEDIUM] CVE-2024-50255: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it also returns NULL where an opcode doesn't exist in the hci_cc table because hci_cmd_comple

CVE-2024-49975 [MEDIUM] CVE-2024-49975: linux - In the Linux kernel, the following vulnerability has been resolved: uprobes: fi... In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_READ, VM_EXEC results in the same pgprot_t as VM_EXEC|VM_READ, although this doesn't really

CVE-2024-47753 [MEDIUM] CVE-2024-47753: linux - In the Linux kernel, the following vulnerability has been resolved: media: medi... In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning Fix a smatch static checker warning on vdec_vp8_req_if.c. Which leads to a kernel crash when fb is NULL. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: resolved forky: resolved (fixed in 6.11.2-1) sid: resolved (fixed