Debian Linux-6.1 vulnerabilities

CVE-2024-53217 [MEDIUM] CVE-2024-53217: linux - In the Linux kernel, the following vulnerability has been resolved: NFSD: Preve... In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (f

CVE-2024-56643 [MEDIUM] CVE-2024-56643: linux - In the Linux kernel, the following vulnerability has been resolved: dccp: Fix m... In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreference

CVE-2024-56567 [MEDIUM] CVE-2024-56567: linux - In the Linux kernel, the following vulnerability has been resolved: ad7780: fix... In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not

CVE-2024-42140 [MEDIUM] CVE-2024-42140: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: kexe... In the Linux kernel, the following vulnerability has been resolved: riscv: kexec: Avoid deadlock in kexec crash path If the kexec crash code is called in the interrupt context, the machine_kexec_mask_interrupts() function will trigger a deadlock while trying to acquire the irqdesc spinlock and then deactivate irqchip in irq_set_irqchip_state() function. Unlike arm64

CVE-2024-49859 [MEDIUM] CVE-2024-49859: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t... In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to check atomic_file in f2fs ioctl interfaces Some f2fs ioctl interfaces like f2fs_ioc_set_pin_file(), f2fs_move_file_range(), and f2fs_defragment_range() missed to check atomic_write status, which may cause potential race issue, fix it. Scope: local bookworm: resolved (fixed in 6.1.115-1)

CVE-2024-50093 [MEDIUM] CVE-2024-50093: linux - In the Linux kernel, the following vulnerability has been resolved: thermal: in... In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on driver detach. Thus there is no need to call pci_disable_device() again on it. With recent PCI

CVE-2024-50202 [MEDIUM] CVE-2024-50202: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: pro... In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry(), which searches for directory entries, ignores errors when loading a directory page/fol

CVE-2024-49935 [MEDIUM] CVE-2024-49935: linux - In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: ... In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin() The kernel occasionally crashes in cpumask_clear_cpu(), which is called within exit_round_robin(), because when executing clear_bit(nr, addr) with nr set to 0xffffffff, the address calculation may cause misalignment within the memory, leading to access to a

CVE-2024-50284 [MEDIUM] CVE-2024-50284: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix ... In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannot be stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed, so check error for xa_store() to fix it. Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved fork

CVE-2024-53127 [MEDIUM] CVE-2024-53127: linux - In the Linux kernel, the following vulnerability has been resolved: Revert "mmc... In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Pan

CVE-2024-42297 [MEDIUM] CVE-2024-42297: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t... In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to don't dirty inode for readonly filesystem syzbot reports f2fs bug as below: kernel BUG at fs/f2fs/inode.c:933! RIP: 0010:f2fs_evict_inode+0x1576/0x1590 fs/f2fs/inode.c:933 Call Trace: evict+0x2a4/0x620 fs/inode.c:664 dispose_list fs/inode.c:697 [inline] evict_inodes+0x5f8/0x690 fs/inode

CVE-2024-56701 [MEDIUM] CVE-2024-56701: linux - In the Linux kernel, the following vulnerability has been resolved: powerpc/pse... In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatch_stats BUG: sleeping function called from invalid context at include/lin

CVE-2024-56572 [MEDIUM] CVE-2024-56572: linux - In the Linux kernel, the following vulnerability has been resolved: media: plat... In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails. Scope: local bookworm: resolved (fix

CVE-2024-40993 [MEDIUM] CVE-2024-40993: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix suspicious rcu_dereference_protected() When destroying all sets, we are either in pernet exit phase or are executing a "destroy all sets command" from userspace. The latter was taken into account in ip_set_dereference() (nfnetlink mutex is held), but the former was not. The pat

CVE-2024-49985 [MEDIUM] CVE-2024-49985: linux - In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f... In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec, then an I2C transfer triggered from the clock controller clk_ops .prepare callback may tr

CVE-2024-43846 [MEDIUM] CVE-2024-43846: linux - In the Linux kernel, the following vulnerability has been resolved: lib: objagg... In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation happens in two cases: Without and with hints, where hints are a pre-computed recommendation

CVE-2024-42114 [MEDIUM] CVE-2024-42114: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80... In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_sched: fq: do not accept silly TCA_FQ_QUANTUM") watchdog: BUG: soft lockup - CPU#1 stuck fo

CVE-2024-42082 [MEDIUM] CVE-2024-42082: linux - In the Linux kernel, the following vulnerability has been resolved: xdp: Remove... In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: 1. memory allocation fails; 2. rhashtable_init() fails when some fields of rhashtable_params

CVE-2024-53226 [MEDIUM] CVE-2024-53226: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: F... In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument. The driver needs to check whether it is a NULL pointer before dereferencing it. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (fixed in 5.10.2

CVE-2024-44966 [MEDIUM] CVE-2024-44966: linux - In the Linux kernel, the following vulnerability has been resolved: binfmt_flat... In the Linux kernel, the following vulnerability has been resolved: binfmt_flat: Fix corruption when not offsetting data start Commit 04d82a6d0881 ("binfmt_flat: allow not offsetting data start") introduced a RISC-V specific variant of the FLAT format which does not allocate any space for the (obsolete) array of shared library pointers. However, it did not disable t