Debian Linux-6.1 vulnerabilities

CVE-2024-44947 [MEDIUM] CVE-2024-44947: linux - In the Linux kernel, the following vulnerability has been resolved: fuse: Initi... In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_notify_store() must be more careful to fully initialize page contents (including parts of t

CVE-2024-40960 [MEDIUM] CVE-2024-40960: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: preve... In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible NULL dereference in rt6_probe() syzbot caught a NULL dereference in rt6_probe() [1] Bail out if __in6_dev_get() returns NULL. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000cb: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in ran

CVE-2024-46802 [MEDIUM] CVE-2024-46802: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dc_validate_stream [Why] prevent invalid memory access [How] check if dc and stream are NULL Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: open forky: resolved (fixed in 6.10.9-1) sid: resolved (fixed in 6.10.9-1) trixie: resolved (fixed

CVE-2024-46777 [MEDIUM] CVE-2024-46777: linux - In the Linux kernel, the following vulnerability has been resolved: udf: Avoid ... In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we cannot safely index bits in a block bitmap. Scope: local bookworm: resolved (fixed in 6.1

CVE-2024-43098 [MEDIUM] CVE-2024-43098: linux - In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3... In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires &i3cbus->lock twice. See the log below. Use i3cdev->desc->info instead of calling i3c_device_info() to avoid acquiring the lock twice. v2: - Modified

CVE-2024-43871 [MEDIUM] CVE-2024-43871: linux - In the Linux kernel, the following vulnerability has been resolved: devres: Fix... In the Linux kernel, the following vulnerability has been resolved: devres: Fix memory leakage caused by driver API devm_free_percpu() It will cause memory leakage when use driver API devm_free_percpu() to free memory allocated by devm_alloc_percpu(), fixed by using devres_release() instead of devres_destroy() within devm_free_percpu(). Scope: local bookworm: resolv

CVE-2024-49927 [MEDIUM] CVE-2024-49927: linux - In the Linux kernel, the following vulnerability has been resolved: x86/ioapic:... In the Linux kernel, the following vulnerability has been resolved: x86/ioapic: Handle allocation failures gracefully Breno observed panics when using failslab under certain conditions during runtime: can not alloc irq_pin_list (-1,0,20) Kernel panic - not syncing: IO-APIC: failed to add irq-pin. Can not proceed panic+0x4e9/0x590 mp_irqdomain_alloc+0x9ab/0xa80 irq_d

CVE-2024-42102 [MEDIUM] CVE-2024-42102: linux - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/... In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit into 32-bits. This patch series makes sure this is true (see patch 2/2 for more details). This

CVE-2024-50200 [MEDIUM] CVE-2024-50200: linux - In the Linux kernel, the following vulnerability has been resolved: maple_tree:... In the Linux kernel, the following vulnerability has been resolved: maple_tree: correct tree corruption on spanning store Patch series "maple_tree: correct tree corruption on spanning store", v3. There has been a nasty yet subtle maple tree corruption bug that appears to have been in existence since the inception of the algorithm. This bug seems far more likely to h

CVE-2024-53180 [MEDIUM] CVE-2024-53180: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: ... In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: r

CVE-2024-47754 [MEDIUM] CVE-2024-47754: linux - In the Linux kernel, the following vulnerability has been resolved: media: medi... In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: resolved forky: resolved (fixed in 6.11.2-1) sid: re

CVE-2024-56718 [MEDIUM] CVE-2024-56718: linux - In the Linux kernel, the following vulnerability has been resolved: net/smc: pr... In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work, and put the reference after work executed or canceled. The relevant c

CVE-2024-50160 [MEDIUM] CVE-2024-50160: linux - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/c... In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a hda_fixup function which is not supposed to return any errors, add simple check before dere

CVE-2024-40984 [MEDIUM] CVE-2024-40984: linux - In the Linux kernel, the following vulnerability has been resolved: ACPICA: Rev... In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The initial purpose of this commit was to stop memory mappings for operation regions from overlap

CVE-2024-47713 [MEDIUM] CVE-2024-47713: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80... In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() Since '__dev_queue_xmit()' should be called with interrupts enabled, the following backtrace: ieee80211_do_stop() ... spin_lock_irqsave(&local->queue_stop_reason_lock, flags) ... ieee80211_free_txskb() ieee80211_report_used_skb() i

CVE-2024-49856 [MEDIUM] CVE-2024-49856: linux - In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fi... In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Fix deadlock in SGX NUMA node search When the current node doesn't have an EPC section configured by firmware and all other EPC sections are used up, CPU can get stuck inside the while loop that looks for an available EPC page from remote nodes indefinitely, leading to a soft lockup. Note h

CVE-2024-45008 [MEDIUM] CVE-2024-45008: linux - In the Linux kernel, the following vulnerability has been resolved: Input: MT -... In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this patch chose 1024. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (f

CVE-2024-56722 [MEDIUM] CVE-2024-56722: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: F... In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots of printings, and it may lead to a cpu stuck. Delete some unnecessary pr

CVE-2024-56745 [MEDIUM] CVE-2024-56745: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: Fix re... In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) { If there are no remaining spaces, then options is set to

CVE-2024-42124 [MEDIUM] CVE-2024-42124: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qedf:... In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. This results in BUG_ON() when running an RT kernel. [ 659.343280] BUG: using smp_processor_id() in preemptible [00000000] code: sg_reset/3646 [ 659.343282] caller is qedf_