Debian Linux-6.1 vulnerabilities
2,634 known vulnerabilities affecting debian/linux-6.1.
Total CVEs: 2,634
CISA KEV: 5 (actively exploited)
Public exploits: 1
Exploited in wild: 4
Severity breakdown: CRITICAL 6, HIGH 728, MEDIUM 1569, LOW 14, UNKNOWN 317
Vulnerabilities
CVE-2023-52812 | HIGH | CVSS 7.8 | fixed in linux 6.1.119-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: drm/amd: check num of link levels when update pcie param In SR-IOV environment, the value of pcie_table->num_of_link_levels will be 0, and num_of_levels - 1 will cause array index out of bounds
Scope: local
bookworm: resolved (fixed in 6.1.119-1)
bullseye: resolved
forky: resolved (fixed in 6.5.13-1)
CVE-2023-53034 | HIGH | CVSS 7.1 | fixed in linux 6.1.135-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switchtec switchtec0: MW 0: part 0 addr 0x0000000000000000 size 0x0000000000000000 [ 23.734158] ======
CVE-2023-52927 | HIGH | CVSS 7.8 | fixed in linux 6.1.133-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the exp not to be removed when the created ct will not be confirmed, like in OVS and TC conntrack
CVE-2023-31083 | MEDIUM | CVSS 4.7 | fixed in linux 6.1.112-1 (bookworm) | 2023
An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur.
Scope: local
bookworm: resolved (fixed in 6.1.112-1)
bullseye: resolved (fixed in 5.10.226-1)
forky: re
CVE-2023-53421 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.162-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Reinit blkg_iostat_set after clearing in blkcg_reset_stats() When blkg_alloc() is called to allocate a blkcg_gq structure with the associated blkg_iostat_set's, there are 2 fields within blkg_iostat_set that requires proper initialization - blkg & sync. The former field was introduced by
CVE-2023-52857 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.133-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. Add a int variable for multiplier calculation instead of calculating different types multipl
CVE-2023-52658 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.162-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b. The revert is required due to the suspicion it is not good for anything and cause crash.
Scope: local
bookworm: resolved (fixed in 6.1.162-1)
bullseye: resolved
forky:
CVE-2023-52918 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.112-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwind if it is NULL.
Scope: local
bookworm: resolved (fixed in 6.1.112-1)
bullseye: open
forky
CVE-2023-52887 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.98-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative WARN_ON_ONCE backtraces with a new error handling method. This p
CVE-2023-53424 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.164-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496. This problem was also found in linux-next. In mtk_clk_simple_probe(), base is not released when handling errors if clk_data is no
CVE-2023-52889 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.106-1 (bookworm) | 2023
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix null pointer deref when receiving skb during sock creation The panic below is observed when receiving ICMP packets with secmark set while an ICMP raw socket is being created. SK_CTX(sk)->label is updated in apparmor_socket_post_create(), but the packet is delivered to the socket before
CVE-2023-52760 | LOW | CVSS 7.8 | fixed in linux 6.6.8-1 (forky) | 2023
CVE-2023-52760 [HIGH] CVE-2023-52760: linux - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix s...
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in gfs2_qd_dealloc In gfs2_put_super(), whether withdrawn or not, the quota should be cleaned up by gfs2_quota_cleanup(). Otherwise, struct gfs2_sbd will be freed before gfs2_qd_dealloc (rcu callback) has run for all gfs2_quota_data objects, resulting in use-after-free. A
CVE-2022-45888 | MEDIUM | CVSS 6.4 | fixed in linux 6.1.119-1 (bookworm) | 2022
An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.
Scope: local
bookworm: resolved (fixed in 6.1.119-1)
bullseye: resolved
forky: resolved (fixed in 6.3.7-1)
sid: resolved (fixed in 6.3.7-1)
trixie: resolved (fixed in 6.3.7-1)
CVE-2022-49034 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.123-1 (bookworm) | 2022
In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate