Debian Linux-6.1 vulnerabilities

CVE-2024-53105 [MEDIUM] CVE-2024-53105: linux - In the Linux kernel, the following vulnerability has been resolved: mm: page_al... In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapp

CVE-2024-47667 [MEDIUM] CVE-2024-47667: linux - In the Linux kernel, the following vulnerability has been resolved: PCI: keysto... In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) Errata #i2037 in AM65x/DRA80xM Processors Silicon Revision 1.0 (SPRZ452D_July 2018_Revised December 2019 [1]) mentions when an inbound PCIe TLP spans more than two internal AXI 128-byte bursts, the bus may corrupt the packet payload and

CVE-2024-45007 [MEDIUM] CVE-2024-45007: linux - In the Linux kernel, the following vulnerability has been resolved: char: xilly... In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situation is averted by adding a module-global workqueue for exclusive use of the offending wor

CVE-2024-46737 [MEDIUM] CVE-2024-46737: linux - In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: ... In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. nvmet: failed to install queue 0 cntlid 1 ret 6 Unable to handle kernel NULL pointer derefer

CVE-2024-46710 [MEDIUM] CVE-2024-46710: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:... In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Prevent unmapping active read buffers The kms paths keep a persistent map active to read and compare the cursor buffer. These maps can race with each other in simple scenario where: a) buffer "a" mapped for update b) buffer "a" mapped for compare c) do the compare d) unmap "a" for compar

CVE-2024-53110 [MEDIUM] CVE-2024-53110: linux - In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fi... In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. Scope: local bookworm: resolved (fixed in 6.1.119-1) bullseye: resolved forky: resolved (fixed in

CVE-2024-50271 [MEDIUM] CVE-2024-50271: linux - In the Linux kernel, the following vulnerability has been resolved: signal: res... In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused p

CVE-2024-58063 [MEDIUM] CVE-2024-58063: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwi... In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: fix memory leaks and invalid access at probe error path Deinitialize at reverse order when probe fails. When init_sw_vars fails, rtl_deinit_core should not be called, specially now that it destroys the rtl_wq workqueue. And call rtl_pci_deinit and deinit_sw_vars, otherwise, memory wil

CVE-2024-42259 [MEDIUM] CVE-2024-42259: linux - In the Linux kernel, the following vulnerability has been resolved: drm/i915/ge... In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix Virtual Memory mapping boundaries calculation Calculating the size of the mapped area as the lesser value between the requested size and the actual size does not consider the partial mapping offset. This can cause page fault access. Fix the calculation of the starting and ending ad

CVE-2024-53088 [MEDIUM] CVE-2024-53088: linux - In the Linux kernel, the following vulnerability has been resolved: i40e: fix r... In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac a

CVE-2024-45002 [MEDIUM] CVE-2024-45002: linux - In the Linux kernel, the following vulnerability has been resolved: rtla/osnois... In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved forky: resolved (fixed in 6.1

CVE-2024-50041 [MEDIUM] CVE-2024-50041: linux - In the Linux kernel, the following vulnerability has been resolved: i40e: Fix m... In the Linux kernel, the following vulnerability has been resolved: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash This patch addresses a macvlan leak issue in the i40e driver caused by concurrent access to vsi->mac_filter_hash. The leak occurs when multiple threads attempt to modify the mac_filter_hash simultaneously, leading to inconsistent stat

CVE-2024-45018 [MEDIUM] CVE-2024-45018: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (fixed in 5.10.226-1) forky: resolved (fixed in 6.10.7-1) sid: resolved (fixed in 6.10.7-1) trixie: resolved (fixed in 6.10

CVE-2024-45029 [MEDIUM] CVE-2024-45029: linux - In the Linux kernel, the following vulnerability has been resolved: i2c: tegra:... In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 ... Call trace: __might_sleep _

CVE-2024-50058 [MEDIUM] CVE-2024-50058: linux - In the Linux kernel, the following vulnerability has been resolved: serial: pro... In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the commit assumes, uport can be NULL in there. But right after that protection, there is an unpr

CVE-2024-58086 [MEDIUM] CVE-2024-58086: linux - In the Linux kernel, the following vulnerability has been resolved: drm/v3d: St... In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed If the active performance monitor (`v3d->active_perfmon`) is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the `v3d->active_perfmon` pointer stale. This can lead to undefined behavior and

CVE-2024-50147 [MEDIUM] CVE-2024-50147: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: F... In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In addition, mlx5_cmd_trigger_completions() is trying to trigger completion for MANAGE_PAGES command

CVE-2024-27017 [MEDIUM] CVE-2024-27017: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: walk over current view on netlink dump The generation mask can be updated while netlink dump is in progress. The pipapo set backend walk iterator cannot rely on it to infer what view of the datastructure is to be used. Add notation to specify if user wants to read/update t

CVE-2024-41093 [MEDIUM] CVE-2024-41093: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid using null object of framebuffer Instead of using state->fb->obj[0] directly, get object from framebuffer by calling drm_gem_fb_get_obj() and return error code when object is null to avoid using null object of framebuffer. Scope: local bookworm: resolved (fixed in 6.1.98-1) bullsey

CVE-2024-57997 [MEDIUM] CVE-2024-57997: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36... In the Linux kernel, the following vulnerability has been resolved: wifi: wcn36xx: fix channel survey memory allocation size KASAN reported a memory allocation issue in wcn->chan_survey due to incorrect size calculation. This commit uses kcalloc to allocate memory for wcn->chan_survey, ensuring proper initialization and preventing the use of uninitialized values whe