Debian Linux-6.1 vulnerabilities

CVE-2024-46781 [MEDIUM] CVE-2024-46781: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix... In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix missing cleanup on rollforward recovery error In an error injection test of a routine for mount-time recovery, KASAN found a use-after-free bug. It turned out that if data recovery was performed using partial logs created by dsync writes, but an error occurred before starting the log wri

CVE-2024-49863 [MEDIUM] CVE-2024-49863: linux - In the Linux kernel, the following vulnerability has been resolved: vhost/scsi:... In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() Since commit 3f8ca2e115e5 ("vhost/scsi: Extract common handling code from control queue handler") a null pointer dereference bug can be triggered when guest sends an SCSI AN request. In vhost_scsi_ctl_handle_vq(), `vc.target` is assigned with

CVE-2024-44948 [MEDIUM] CVE-2024-44948: linux - In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: C... In the Linux kernel, the following vulnerability has been resolved: x86/mtrr: Check if fixed MTRRs exist before saving them MTRRs have an obsolete fixed variant for fine grained caching control of the 640K-1MB region that uses separate MSRs. This fixed variant has a separate capability bit in the MTRR capability MSR. So far all x86 CPUs which support MTRR have this

CVE-2024-42245 [MEDIUM] CVE-2024-42245: linux - In the Linux kernel, the following vulnerability has been resolved: Revert "sch... In the Linux kernel, the following vulnerability has been resolved: Revert "sched/fair: Make sure to try to detach at least one movable task" This reverts commit b0defa7ae03ecf91b8bfd10ede430cff12fcbd06. b0defa7ae03ec changed the load balancing logic to ignore env.max_loop if all tasks examined to that point were pinned. The goal of the patch was to make it more lik

CVE-2024-41002 [MEDIUM] CVE-2024-41002: linux - In the Linux kernel, the following vulnerability has been resolved: crypto: his... In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - Fix memory leak for sec resource release The AIV is one of the SEC resources. When releasing resources, it need to release the AIV resources at the same time. Otherwise, memory leakage occurs. The aiv resource release is added to the sec resource release function. Scope: loca

CVE-2024-47408 [MEDIUM] CVE-2024-47408: linux - In the Linux kernel, the following vulnerability has been resolved: net/smc: ch... In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong ad

CVE-2024-42232 [MEDIUM] CVE-2024-42232: linux - In the Linux kernel, the following vulnerability has been resolved: libceph: fi... In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can requeue the delayed work which wouldn't be canceled by any of the following code in case that

CVE-2024-58080 [MEDIUM] CVE-2024-58080: linux - In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ... In the Linux kernel, the following vulnerability has been resolved: clk: qcom: dispcc-sm6350: Add missing parent_map for a clock If a clk_rcg2 has a parent, it should also have parent_map defined, otherwise we'll get a NULL pointer dereference when calling clk_set_rate like the following: [ 3.388105] Call trace: [ 3.390664] qcom_find_src_index+0x3c/0x70 (P) [ 3.3953

CVE-2024-50208 [MEDIUM] CVE-2024-50208: linux - In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_r... In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (contiguous pages in the case of > PAGE_SIZE), but, current logic assumes multiple pages, lead

CVE-2024-46717 [MEDIUM] CVE-2024-46717: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: ... In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: SHAMPO, Fix incorrect page release Under the following conditions: 1) No skb created yet 2) header_size == 0 (no SHAMPO header) 3) header_index + 1 % MLX5E_SHAMPO_WQ_HEADER_PER_PAGE == 0 (this is the last page fragment of a SHAMPO header page) a new skb is formed with a page that is NOT a

CVE-2024-42304 [MEDIUM] CVE-2024-42304: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: make ... In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creating files in this directory in the following flow. ext4_mknod ... ext4_add_entry // Read bl

CVE-2024-50156 [MEDIUM] CVE-2024-50156: linux - In the Linux kernel, the following vulnerability has been resolved: drm/msm: Av... In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed then `block->state` can be NULL. The msm_disp_state_print_regs() function _does_ have code to try to handle it with: if (*reg) dump_addr = *reg; ...but since "dump_addr" is initializ

CVE-2024-49952 [MEDIUM] CVE-2024-49952: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted by the splat is not enough, we have to disable soft interrupts as well. [1] BUG: using __thi

CVE-2024-56589 [MEDIUM] CVE-2024-56589: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_... In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/

CVE-2024-42265 [MEDIUM] CVE-2024-42265: linux - In the Linux kernel, the following vulnerability has been resolved: protect the... In the Linux kernel, the following vulnerability has been resolved: protect the fetch of ->fd[fd] in do_dup2() from mispredictions both callers have verified that fd is not greater than ->max_fds; however, misprediction might end up with tofree = fdt->fd[fd]; being speculatively executed. That's wrong for the same reasons why it's wrong in close_fd()/file_close_fd_l

CVE-2024-42095 [MEDIUM] CVE-2024-42095: linux - In the Linux kernel, the following vulnerability has been resolved: serial: 825... In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply Errata i2310 solution. [0] https://www.ti.com/lit/pdf/sprz536 page 23 Scope: local bookwo

CVE-2024-53122 [MEDIUM] CVE-2024-53122: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: cope... In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call

CVE-2024-56586 [MEDIUM] CVE-2024-56586: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f... In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on as below: ------------[ cut here

CVE-2024-50069 [MEDIUM] CVE-2024-50069: linux - In the Linux kernel, the following vulnerability has been resolved: pinctrl: ap... In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code review. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: resolved forky: resolve

CVE-2024-56703 [MEDIUM] CVE-2024-56703: linux - In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix s... In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, these routers continuously update BGP-advertised routes due to frequently changing nexthop