Debian Linux-6.1 vulnerabilities

CVE-2024-42252 [MEDIUM] CVE-2024-42252: linux - In the Linux kernel, the following vulnerability has been resolved: closures: C... In the Linux kernel, the following vulnerability has been resolved: closures: Change BUG_ON() to WARN_ON() If a BUG_ON() can be hit in the wild, it shouldn't be a BUG_ON() For reference, this has popped up once in the CI, and we'll need more info to debug it: 03240 ------------[ cut here ]------------ 03240 kernel BUG at lib/closure.c:21! 03240 kernel BUG at lib/clo

CVE-2024-56690 [MEDIUM] CVE-2024-56690: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: pcr... In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated whe

CVE-2024-42281 [MEDIUM] CVE-2024-42281: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a ... In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a segment issue when downgrading gso_size Linearize the skb when downgrading gso_size because it may trigger a BUG_ON() later when the skb is segmented as described in [1,2]. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.226-1) forky: resolved (fixed

CVE-2024-46822 [MEDIUM] CVE-2024-46822: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: acpi... In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry In a review discussion of the changes to support vCPU hotplug where a check was added on the GICC being enabled if was online, it was noted that there is need to map back to the cpu and use that to index into a cpumask. As such, a v

CVE-2024-43869 [MEDIUM] CVE-2024-43869: linux - In the Linux kernel, the following vulnerability has been resolved: perf: Fix e... In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via free_event() directly, this can potentially result in a leaked event, such as in the following scenario that doesn't even require a w

CVE-2024-47756 [MEDIUM] CVE-2024-47756: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: keysto... In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix if-statement expression in ks_pcie_quirk() This code accidentally uses && where || was intended. It potentially results in a NULL dereference. Thus, fix the if-statement expression to use the correct condition. [kwilczynski: commit log] Scope: local bookworm: resolved (fixed in 6.

CVE-2024-41016 [MEDIUM] CVE-2024-41016: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: stri... In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. Scope: local bo

CVE-2024-50145 [MEDIUM] CVE-2024-50145: linux - In the Linux kernel, the following vulnerability has been resolved: octeon_ep: ... In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer dereference. __octep_oq_process_rx() is called during NAPI polling by the driver. If skb alloca

CVE-2024-43861 [MEDIUM] CVE-2024-43861: linux - In the Linux kernel, the following vulnerability has been resolved: net: usb: q... In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.226-1) forky: resolved (fixed in 6.10.6-1) sid: resolved (fixed in 6.10.6-1) trixie: resolved (fixed in 6.10.6

CVE-2024-56629 [MEDIUM] CVE-2024-56629: linux - In the Linux kernel, the following vulnerability has been resolved: HID: wacom:... In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 m

CVE-2024-39472 [MEDIUM] CVE-2024-39472: linux - In the Linux kernel, the following vulnerability has been resolved: xfs: fix lo... In the Linux kernel, the following vulnerability has been resolved: xfs: fix log recovery buffer allocation for the legacy h_size fixup Commit a70f9fe52daa ("xfs: detect and handle invalid iclog size set by mkfs") added a fixup for incorrect h_size values used for the initial umount record in old xfsprogs versions. Later commit 0c771b99d6c9 ("xfs: clean up calculati

CVE-2024-56767 [MEDIUM] CVE-2024-56767: linux - In the Linux kernel, the following vulnerability has been resolved: dmaengine: ... In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid th

CVE-2024-40988 [MEDIUM] CVE-2024-40988: linux - In the Linux kernel, the following vulnerability has been resolved: drm/radeon:... In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix UBSAN warning in kv_dpm.c Adds bounds check for sumo_vid_mapping_entry. Scope: local bookworm: resolved (fixed in 6.1.99-1) bullseye: resolved (fixed in 5.10.221-1) forky: resolved (fixed in 6.9.7-1) sid: resolved (fixed in 6.9.7-1) trixie: resolved (fixed in 6.9.7-1)

CVE-2024-50251 [MEDIUM] CVE-2024-50251: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally subtracts the length parameter while iterating over skbuff, BUG_ON(len) at the end of it ch

CVE-2024-42312 [MEDIUM] CVE-2024-42312: linux - In the Linux kernel, the following vulnerability has been resolved: sysctl: alw... In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of i_uid/i_gid on /proc/sys inodes.") added defaults for i_uid/i_gid when set_ownership() was

CVE-2024-49948 [MEDIUM] CVE-2024-49948: linux - In the Linux kernel, the following vulnerability has been resolved: net: add mo... In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure it is at least 20 bytes. It is possible for an user to provide a malicious 'GSO' packet, t

CVE-2024-42069 [MEDIUM] CVE-2024-42069: linux - In the Linux kernel, the following vulnerability has been resolved: net: mana: ... In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix possible double free in error handling path When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function adev_release calls kfree(madev). We shouldn't call kfree(madev) again in the error handling path. Set 'madev' to NULL. Scope: local bookwor

CVE-2024-43832 [MEDIUM] CVE-2024-43832: linux - In the Linux kernel, the following vulnerability has been resolved: s390/uv: Do... In the Linux kernel, the following vulnerability has been resolved: s390/uv: Don't call folio_wait_writeback() without a folio reference folio_wait_writeback() requires that no spinlocks are held and that a folio reference is held, as documented. After we dropped the PTL, the folio could get freed concurrently. So grab a temporary reference. Scope: local bookworm: r

CVE-2024-53175 [MEDIUM] CVE-2024-53175: linux - In the Linux kernel, the following vulnerability has been resolved: ipc: fix me... In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure. Here is the kmemleak stack when p

CVE-2024-42258 [MEDIUM] CVE-2024-42258: linux - In the Linux kernel, the following vulnerability has been resolved: mm: huge_me... In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: use !CONFIG_64BIT to relax huge page alignment on 32 bit machines Yves-Alexis Perez reported commit 4ef9ad19e176 ("mm: huge_memory: don't force huge page alignment on 32 bit") didn't work for x86_32 [1]. It is because x86_32 uses CONFIG_X86_32 instead of CONFIG_32BIT. !CONFIG_64BIT