Debian Linux-6.1 vulnerabilities

CVE-2024-50210 [MEDIUM] CVE-2024-50210: linux - In the Linux kernel, the following vulnerability has been resolved: posix-clock... In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the lock to make the lock balance and fput the clockid's fd to make the refcount balance and r

CVE-2024-57807 [MEDIUM] CVE-2024-57807: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: megar... In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex.

CVE-2024-56610 [MEDIUM] CVE-2024-56610: linux - In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn... In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: sw

CVE-2024-42109 [MEDIUM] CVE-2024-42109: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nft_ctx_update include/net/netfilter/nf_tables.h:1831 KASAN: slab-uaf in nft_commit_release net/netfilter/nf_tables_api.c:9530 KASAN: slab-uaf int nf_tables_trans_destroy_work+0x152b/0x1750 ne

CVE-2024-57802 [MEDIUM] CVE-2024-57802: linux - In the Linux kernel, the following vulnerability has been resolved: netrom: che... In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5

CVE-2024-46848 [MEDIUM] CVE-2024-46848: linux - In the Linux kernel, the following vulnerability has been resolved: perf/x86/in... In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perfevents: irq loop stuck! WARNING: CPU: 31 PID: 32438 at arch/x86/events/intel/core.c:3174 intel_pmu_handle_irq+0x285/0x370 Call Trace: ? __warn+0xa4/0x220 ? intel_pmu_handle

CVE-2024-56746 [MEDIUM] CVE-2024-56746: linux - In the Linux kernel, the following vulnerability has been resolved: fbdev: sh77... In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: open forky: res

CVE-2024-42084 [MEDIUM] CVE-2024-42084: linux - In the Linux kernel, the following vulnerability has been resolved: ftruncate: ... In the Linux kernel, the following vulnerability has been resolved: ftruncate: pass a signed offset The old ftruncate() syscall, using the 32-bit off_t misses a sign extension when called in compat mode on 64-bit architectures. As a result, passing a negative length accidentally succeeds in truncating to file size between 2GiB and 4GiB. Changing the type of the comp

CVE-2024-50302 [MEDIUM] CVE-2024-50302: linux - In the Linux kernel, the following vulnerability has been resolved: HID: core: ... In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. Scope: local bookworm: resolved (fixed in 6.1.1

CVE-2024-46702 [MEDIUM] CVE-2024-46702: linux - In the Linux kernel, the following vulnerability has been resolved: thunderbolt... In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is

CVE-2024-42106 [MEDIUM] CVE-2024-42106: linux - In the Linux kernel, the following vulnerability has been resolved: inet_diag: ... In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. This field corresponds to the sdiag_raw_protocol field in struct inet_diag_req_raw. inet_

CVE-2024-46780 [MEDIUM] CVE-2024-46780: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: pro... In the Linux kernel, the following vulnerability has been resolved: nilfs2: protect references to superblock parameters exposed in sysfs The superblock buffers of nilfs2 can not only be overwritten at runtime for modifications/repairs, but they are also regularly swapped, replaced during resizing, and even abandoned when degrading to one side due to backing device i

CVE-2024-53140 [MEDIUM] CVE-2024-53140: linux - In the Linux kernel, the following vulnerability has been resolved: netlink: te... In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual dump helper, keeps getting called until it returns 0 - done - (optional) pairs with .start, c

CVE-2024-56756 [MEDIUM] CVE-2024-56756: linux - In the Linux kernel, the following vulnerability has been resolved: nvme-pci: f... In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned fo

CVE-2024-50252 [MEDIUM] CVE-2024-50252: linux - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spec... In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote address of an ip6gre net device never worked properly, but since cited commit the following rep

CVE-2024-56754 [MEDIUM] CVE-2024-56754: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: caa... In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter to devm_add_action_or_reset() so that the resources

CVE-2024-39371 [MEDIUM] CVE-2024-39371: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring: c... In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The trace leading to that looks as follows: BUG: kernel NULL pointer dereference, address: 00

CVE-2024-50168 [MEDIUM] CVE-2024-50168: linux - In the Linux kernel, the following vulnerability has been resolved: net/sun3_82... In the Linux kernel, the following vulnerability has been resolved: net/sun3_82586: fix potential memory leak in sun3_82586_send_packet() The sun3_82586_send_packet() returns NETDEV_TX_OK without freeing skb in case of skb->len being too long, add dev_kfree_skb() to fix it. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: open forky: resolved (fixed in

CVE-2024-53112 [MEDIUM] CVE-2024-53112: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: unca... In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_

CVE-2024-53120 [MEDIUM] CVE-2024-53120: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 00