Debian Linux-6.1 vulnerabilities

CVE-2024-58068 [MEDIUM] CVE-2024-58068: linux - In the Linux kernel, the following vulnerability has been resolved: OPP: fix de... In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because the interconnect properties were missing in the OPP consumer node, the kernel will crash wi

CVE-2024-42122 [MEDIUM] CVE-2024-42122: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer check for kzalloc [Why & How] Check return pointer of kzalloc before using it. Scope: local bookworm: resolved (fixed in 6.1.129-1) bullseye: open forky: resolved (fixed in 6.9.9-1) sid: resolved (fixed in 6.9.9-1) trixie: resolved (fixed in 6.9.9-1)

CVE-2024-50245 [MEDIUM] CVE-2024-50245: linux - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: F... In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in mi_read Mutex lock with another subclass used in ni_lock_dir(). Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved forky: resolved (fixed in 6.11.7-1) sid: resolved (fixed in 6.11.7-1) trixie: resolved (fixed in 6.11.7-1)

CVE-2024-42267 [MEDIUM] CVE-2024-42267: linux - In the Linux kernel, the following vulnerability has been resolved: riscv/mm: A... In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: open forky: resolved (fixed in 6.10.4-1) sid: resolved (f

CVE-2024-38632 [MEDIUM] CVE-2024-38632: linux - In the Linux kernel, the following vulnerability has been resolved: vfio/pci: f... In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix potential memory leak in vfio_intx_enable() If vfio_irq_ctx_alloc() failed will lead to 'name' memory leak. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: open forky: resolved (fixed in 6.9.7-1) sid: resolved (fixed in 6.9.7-1) trixie: resolved (fixed in 6.9.7-1)

CVE-2024-41062 [MEDIUM] CVE-2024-41062: linux - In the Linux kernel, the following vulnerability has been resolved: bluetooth/l... In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection. CPU0 CPU1 ---- ---- sock_close hci_rx_work l2cap_sock_release hci_acldata_packet l2cap_s

CVE-2024-56716 [MEDIUM] CVE-2024-56716: linux - In the Linux kernel, the following vulnerability has been resolved: netdevsim: ... In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.12.8-1) sid: resolved (fixed in 6.12.8-1)

CVE-2024-45009 [MEDIUM] CVE-2024-45009: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ... In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only decrement add_addr_accepted for MPJ req Adding the following warning ... WARN_ON_ONCE(msk->pm.add_addr_accepted == 0) ... before decrementing the add_addr_accepted counter helped to find a bug when running the "remove single subflow" subtest from the mptcp_join.sh selftest. Removing

CVE-2024-41001 [MEDIUM] CVE-2024-41001: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/sq... In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: work around a potential audit memory leak kmemleak complains that there's a memory leak related to connect handling: unreferenced object 0xffff0001093bdf00 (size 128): comm "iou-sqp-455", pid 457, jiffies 4294894164 hex dump (first 32 bytes): 02 00 fa ea 7f 00 00 01 00 00 00 00 00 0

CVE-2024-50192 [MEDIUM] CVE-2024-50192: linux - In the Linux kernel, the following vulnerability has been resolved: irqchip/gic... In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE Kunkun Jiang reported that there is a small window of opportunity for userspace to force a change of affinity for a VPE while the VPE has already been unmapped, but the corresponding doorbell interrupt still visible in /proc/irq/. Plug the race by c

CVE-2024-57946 [MEDIUM] CVE-2024-57946: linux - In the Linux kernel, the following vulnerability has been resolved: virtio-blk:... In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM callbacks. And the motivation is to drain inflight IOs before suspending. block layer's queu

CVE-2024-46676 [MEDIUM] CVE-2024-46676: linux - In the Linux kernel, the following vulnerability has been resolved: nfc: pn533:... In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_poll(). But then after pn533_poll_create_mod_list() call in pn533_start_poll() poll mod lis

CVE-2024-53154 [MEDIUM] CVE-2024-53154: linux - In the Linux kernel, the following vulnerability has been resolved: clk: clk-ap... In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved forky: resolved (fixed in 6.12.3-1) sid: resolved (fixed in 6.12.3-1) trixie: resolved (fixed

CVE-2024-56585 [MEDIUM] CVE-2024-56585: linux - In the Linux kernel, the following vulnerability has been resolved: LoongArch: ... In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic co

CVE-2024-35790 [MEDIUM] CVE-2024-35790: linux - In the Linux kernel, the following vulnerability has been resolved: usb: typec:... In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group The DisplayPort driver's sysfs nodes may be present to the userspace before typec_altmode_set_drvdata() completes in dp_altmode_probe. This means that a sysfs read can trigger a NULL pointer error by defe

CVE-2024-46855 [MEDIUM] CVE-2024-46855: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix sk refcount leaks We must put 'sk' reference before returning. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (fixed in 5.10.244-1) forky: resolved (fixed in 6.10.11-1) sid: resolved (fixed in 6.10.11-1) trixie: resolved (fixed in 6.10.11-1)

CVE-2024-41038 [MEDIUM] CVE-2024-41038: linux - In the Linux kernel, the following vulnerability has been resolved: firmware: c... In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length strings in the algorithm block header. This means the overall header length is variable, a

CVE-2024-42152 [MEDIUM] CVE-2024-42152: linux - In the Linux kernel, the following vulnerability has been resolved: nvmet: fix ... In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler) and we need to release pending AERs, clear ctrl->sqs and sq->ctrl (for nvme-loop primari

CVE-2024-40937 [MEDIUM] CVE-2024-40937: linux - In the Linux kernel, the following vulnerability has been resolved: gve: Clear ... In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags returning a dangling pointer. Fix this by clearing napi->skb before the skb is freed. Sco

CVE-2024-47699 [MEDIUM] CVE-2024-47699: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix... In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() Patch series "nilfs2: fix potential issues with empty b-tree nodes". This series addresses three potential issues with empty b-tree nodes that can occur with corrupted filesystem images, including one recently discovered by syzbot. This pa