Debian Linux-6.1 vulnerabilities

CVE-2024-41063 [MEDIUM] CVE-2024-41063: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() syzbot is reporting that calling hci_release_dev() from hci_error_reset() due to hci_dev_put() from hci_error_reset() can cause deadlock at destroy_workqueue(), for hci_error_reset() is called from hdev->req_workqueue which destroy_work

CVE-2024-42310 [MEDIUM] CVE-2024-42310: linux - In the Linux kernel, the following vulnerability has been resolved: drm/gma500:... In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode_duplicate(). Add a check to avoid npd. Scope: local bookworm: resolve

CVE-2024-46677 [MEDIUM] CVE-2024-46677: linux - In the Linux kernel, the following vulnerability has been resolved: gtp: fix a ... In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it by returning an error pointer with the error code carried from sockfd_lookup(). (I found t

CVE-2024-50232 [MEDIUM] CVE-2024-50232: linux - In the Linux kernel, the following vulnerability has been resolved: iio: adc: a... In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() In the ad7124_write_raw() function, parameter val can potentially be zero. This may lead to a division by zero when DIV_ROUND_CLOSEST() is called within ad7124_set_channel_odr(). The ad7124_write_raw() function is invoked through the

CVE-2024-57874 [MEDIUM] CVE-2024-57874: linux - In the Linux kernel, the following vulnerability has been resolved: arm64: ptra... In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potential

CVE-2024-58001 [MEDIUM] CVE-2024-58001: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: hand... In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle a symlink read error correctly Patch series "Convert ocfs2 to use folios". Mark did a conversion of ocfs2 to use folios and sent it to me as a giant patch for review ;-) So I've redone it as individual patches, and credited Mark for the patches where his code is substantially the same.

CVE-2024-50056 [MEDIUM] CVE-2024-50056: linux - In the Linux kernel, the following vulnerability has been resolved: usb: gadget... In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Fix ERR_PTR dereference in uvc_v4l2.c Fix potential dereferencing of ERR_PTR() in find_format_by_pix() and uvc_v4l2_enum_format(). Fix the following smatch errors: drivers/usb/gadget/function/uvc_v4l2.c:124 find_format_by_pix() error: 'fmtdesc' dereferencing possible ERR_PTR() driv

CVE-2024-47720 [MEDIUM] CVE-2024-47720: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn30_set_output_transfer_func function. Previously, set_output_gamma was being checked for nullity at line 386, but then it was being

CVE-2024-49911 [MEDIUM] CVE-2024-49911: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func This commit adds a null check for the set_output_gamma function pointer in the dcn20_set_output_transfer_func function. Previously, set_output_gamma was being checked for null at line 1030, but then it was being d

CVE-2024-42223 [MEDIUM] CVE-2024-42223: linux - In the Linux kernel, the following vulnerability has been resolved: media: dvb-... In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. Scope: local bookworm: resolved (fixed in 6.1.98-1) bullseye: resolved (fixed in 5.10.223-1

CVE-2024-42142 [MEDIUM] CVE-2024-42142: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E... In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-switch, Create ingress ACL when needed Currently, ingress acl is used for three features. It is created only when vport metadata match and prio tag are enabled. But active-backup lag mode also uses it. It is independent of vport metadata match and prio tag. And vport metadata match can b

CVE-2024-46695 [MEDIUM] CVE-2024-46695: linux - In the Linux kernel, the following vulnerability has been resolved: selinux,sma... In the Linux kernel, the following vulnerability has been resolved: selinux,smack: don't bypass permissions check in inode_setsecctx hook Marek Gresko reports that the root user on an NFS client is able to change the security labels on files on an NFS filesystem that is exported with root squashing enabled. The end of the kerneldoc comment for __vfs_setxattr_noperm(

CVE-2024-42229 [MEDIUM] CVE-2024-42229: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: aea... In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish this by using kfree_sensitive for buffers that previously held the private key. Scope: loca

CVE-2024-53161 [MEDIUM] CVE-2024-53161: linux - In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefi... In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calcul

CVE-2024-53066 [MEDIUM] CVE-2024-53066: linux - In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KM... In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ============================================

CVE-2024-36478 [MEDIUM] CVE-2024-36478: linux - In the Linux kernel, the following vulnerability has been resolved: null_blk: f... In the Linux kernel, the following vulnerability has been resolved: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test script: modprobe null_blk nr_devices=0 mkdir -p /sys/kernel/config/nullb/nullb0 while true; do echo 1 > submit_queues; echo 4 > submit_que

CVE-2024-42237 [MEDIUM] CVE-2024-42237: linux - In the Linux kernel, the following vulnerability has been resolved: firmware: c... In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer w

CVE-2024-46711 [MEDIUM] CVE-2024-46711: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ... In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix ID 0 endp usage after multiple re-creations 'local_addr_used' and 'add_addr_accepted' are decremented for addresses not related to the initial subflow (ID0), because the source and destination addresses of the initial subflows are known from the beginning: they don't count as "additio

CVE-2024-50196 [MEDIUM] CVE-2024-50196: linux - In the Linux kernel, the following vulnerability has been resolved: pinctrl: oc... In the Linux kernel, the following vulnerability has been resolved: pinctrl: ocelot: fix system hang on level based interrupts The current implementation only calls chained_irq_enter() and chained_irq_exit() if it detects pending interrupts. ``` for (i = 0; i stride; i++) { uregmap_read(info->map, id_reg + 4 * i, ®); if (!reg) continue; chained_irq_enter(parent_chip

CVE-2024-50022 [MEDIUM] CVE-2024-50022: linux - In the Linux kernel, the following vulnerability has been resolved: device-dax:... In the Linux kernel, the following vulnerability has been resolved: device-dax: correct pgoff align in dax_set_mapping() pgoff should be aligned using ALIGN_DOWN() instead of ALIGN(). Otherwise, vmf->address not aligned to fault_size will be aligned to the next alignment, that can result in memory failure getting the wrong address. It's a subtle situation that only