Debian Linux-6.1 vulnerabilities

CVE-2024-56636 [MEDIUM] CVE-2024-56636: linux - In the Linux kernel, the following vulnerability has been resolved: geneve: do ... In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h

CVE-2024-40967 [MEDIUM] CVE-2024-40967: linux - In the Linux kernel, the following vulnerability has been resolved: serial: imx... In the Linux kernel, the following vulnerability has been resolved: serial: imx: Introduce timeout when waiting on transmitter empty By waiting at most 1 second for USR2_TXDC to be set, we avoid a potential deadlock. In case of the timeout, there is not much we can do, so we simply ignore the transmitter state and optimistically try to continue. Scope: local bookwor

CVE-2024-46685 [MEDIUM] CVE-2024-46685: linux - In the Linux kernel, the following vulnerability has been resolved: pinctrl: si... In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of pointer 'function' in pcs_get_function(). Found by code review. Scope: local bookworm: resolv

CVE-2024-56579 [MEDIUM] CVE-2024-56579: linux - In the Linux kernel, the following vulnerability has been resolved: media: amph... In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved forky: reso

CVE-2024-46773 [MEDIUM] CVE-2024-46773: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check denominator pbn_div before used [WHAT & HOW] A denominator cannot be 0, and is checked before used. This fixes 1 DIVIDE_BY_ZERO issue reported by Coverity. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: open forky: resolved (fixed in 6.10.11-1) sid: resolved (f

CVE-2024-50265 [MEDIUM] CVE-2024-50265: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: remo... In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial t

CVE-2024-46826 [MEDIUM] CVE-2024-46826: linux - In the Linux kernel, the following vulnerability has been resolved: ELF: fix ke... In the Linux kernel, the following vulnerability has been resolved: ELF: fix kernel.randomize_va_space double read ELF loader uses "randomize_va_space" twice. It is sysctl and can change at any moment, so 2 loads could see 2 different values in theory with unpredictable consequences. Issue exactly one load for consistent value across one exec. Scope: local bookworm:

CVE-2024-57996 [MEDIUM] CVE-2024-57996: linux - In the Linux kernel, the following vulnerability has been resolved: net_sched: ... In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch

CVE-2024-43855 [MEDIUM] CVE-2024-43855: linux - In the Linux kernel, the following vulnerability has been resolved: md: fix dea... In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in progress. It is a complex issue. T1. the first flush is at the ending stage, it clears 'mddev->flush_bio' and tries to submit data, but is blocked because mddev is suspended

CVE-2024-45019 [MEDIUM] CVE-2024-45019: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds it back but at a later point (when calling mlx5e_safe_reopen_channels()) to avoid the deadl

CVE-2024-42287 [MEDIUM] CVE-2024-42287: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2x... In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: 0000 1 PREEMPT_RT SMP NOP

CVE-2024-43817 [MEDIUM] CVE-2024-43817: linux - In the Linux kernel, the following vulnerability has been resolved: net: missin... In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SKBTX_SHARED_FRAG flag is not set anywhere the __skb_linearize function will not be executed,

CVE-2024-56569 [MEDIUM] CVE-2024-56569: linux - In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix... In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command

CVE-2024-47749 [MEDIUM] CVE-2024-47749: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4:... In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Added NULL check for lookup_atid The lookup_atid() function can return NULL if the ATID is invalid or does not exist in the identifier table, which could lead to dereferencing a null pointer without a check in the `act_establish()` and `act_open_rpl()` functions. Add a NULL check to prev

CVE-2024-41022 [MEDIUM] CVE-2024-41022: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resolved (fixed in 5.10.223-1) forky: resolved (fixed in 6.9.12-1) sid: resolved (fixed in 6.9.12-1

CVE-2024-40943 [MEDIUM] CVE-2024-40943: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix ... In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix races between hole punching and AIO+DIO After commit "ocfs2: return real error code in ocfs2_dio_wr_get_block", fstests/generic/300 become from always failed to sometimes failed: ======================================================================== [ 473.293420 ] run fstests generic/30

CVE-2024-43859 [MEDIUM] CVE-2024-43859: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix t... In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate preallocated blocks in f2fs_file_open() chenyuwen reports a f2fs bug as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000011 fscrypt_set_bio_crypt_ctx+0x78/0x1e8 f2fs_grab_read_bio+0x78/0x208 f2fs_submit_page_read+0x44/0x154 f2fs_get_read_

CVE-2024-42322 [MEDIUM] CVE-2024-42322: linux - In the Linux kernel, the following vulnerability has been resolved: ipvs: prope... In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved (fixed in 5.10.237-1) forky: resolved (fixed in 6.1

CVE-2024-50163 [MEDIUM] CVE-2024-50163: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Make s... In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap The bpf_redirect_info is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri->flags field (specifically, BPF_F_BROADCAST == BPF_F_NEXTHOP). This means that if skb bpf_redirect_ne

CVE-2024-50292 [MEDIUM] CVE-2024-50292: linux - In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32... In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error