Debian Linux-6.1 vulnerabilities
2,634 known vulnerabilities affecting debian/linux-6.1.
Total CVEs: 2,634
CISA KEV: 5 (actively exploited)
Public exploits: 1
Exploited in wild: 4
Severity breakdown: CRITICAL 6, HIGH 728, MEDIUM 1569, LOW 14, UNKNOWN 317
Vulnerabilities
CVE-2024-47743 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.115-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: KEYS: prevent NULL pointer dereference in find_asymmetric_key() In find_asymmetric_key(), if all NULLs are passed in the id_{0,1,2} arguments, the kernel will first emit WARN but then have an oops because id_2 gets dereferenced anyway. Add the missing id_2 check and move WARN_ON() to the final else
debian
CVE-2024-56776 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.123-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure.
Scope: local
bookworm: resolved (fixed in 6.1.123-1)
bullseye: open
forky: resolved (fixed in 6.12.5-1)
sid:
debian
CVE-2024-46732 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.112-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Assign linear_pitch_alignment even for VM [Description] Assign linear_pitch_alignment so we don't cause a divide by 0 error in VM environments
Scope: local
bookworm: resolved (fixed in 6.1.112-1)
bullseye: open
forky: resolved (fixed in 6.10.9-1)
sid: resolved (fixed in 6.10.9-1)
tr
debian
CVE-2024-44989 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.112-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set. Example trace: kernel: BUG: unable to handle page fault for address: 0000000000001030 ke
debian
CVE-2024-56637 | MEDIUM | CVSS 4.7 | fixed in linux 6.1.123-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call.
Scope: local
bookworm:
debian
CVE-2024-42153 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.98-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr When del_timer_sync() is called in an interrupt context it throws a warning because of potential deadlock. The timer is used only to exit from wait_for_completion() after a timeout so replacing the call with wait_for_completi
debian
CVE-2024-43907 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.106-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference
Scope: local
bookworm: resolved (fixed in 6.1.106-1)
bullseye: resolved (fixed in 5.10.226-1)
forky: resolved (fixed in 6.10.6-1)
sid: resolved (fixed in 6.10
debian
CVE-2024-53123 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.119-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0 Hardware name: Google Google Compute Engine/G
debian
CVE-2024-42115 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.98-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: jffs2: Fix potential illegal address access in jffs2_free_inode During the stress testing of the jffs2 file system, the following abnormal printouts were found: [ 2430.649000] Unable to handle kernel paging request at virtual address 0069696969696948 [ 2430.649622] Mem abort info: [ 2430.649829] ESR
debian
CVE-2024-45021 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.112-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).
Scope: local
bookworm: resolved (fixed in 6.1.112-1)
bullseye: resolved (fixed in 5.10.226-1)
forky: resolved (fixed in 6.10.7
debian
CVE-2024-43860 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.106-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Skip over memory region when node value is NULL In imx_rproc_addr_init() "nph = of_count_phandle_with_args()" just counts number of phandles. But phandles may be empty. So of_parse_phandle() in the parsing loop (0 < a < nph) may return NULL which is later dereferenced. Adjust
debian
CVE-2024-58009 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.129-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc A NULL sock pointer is passed into l2cap_sock_alloc() when it is called from l2cap_sock_new_connection_cb() and the error handling paths should also be aware of it. Seemingly a more elegant solution would be to swap bt_sock_alloc() and l
debian
CVE-2024-50082 | MEDIUM | CVSS 4.7 | fixed in linux 6.1.115-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: supervisor write access in kernel mode #PF: error_code(0x0002) - not-present page PGD 100000067 P
debian
CVE-2024-50040 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.115-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung task that can happen when igb_down() is called multiple times. This caused an issue when pro
debian
CVE-2024-42286 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.106-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a kernel crash, BUG: unable to handle kernel NULL pointer dereference at 0000000000000070 Workqueue: events_unbound qla_registe
debian
CVE-2024-42269 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.106-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). ip6table_nat_table_init() accesses net->gen->ptr[ip6table_nat_net_ops.id], but the function is exposed to user space before the entry is allocated via register_pernet_subsys(). Let's call register_pernet_subsys() before
debian
CVE-2024-42230 | MEDIUM | CVSS 4.4 | fixed in linux 6.1.98-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv instructions after AIL is disabled, which causes an interrupt at an unexpected entry locati
debian
CVE-2024-53231 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.123-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference.
Scope: local
bookworm: resolved (fixed in 6.1.123-1)
bullseye: resolved
forky: resolved (fixed in 6.12.3-1
debian
CVE-2024-46715 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.112-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL point
debian
CVE-2024-50194 | MEDIUM | CVSS 5.5 | fixed in linux 6.1.115-1 (bookworm) | 2024
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Fix uprobes for big-endian kernels The arm64 uprobes code is broken for big-endian kernels as it doesn't convert the in-memory instruction encoding (which is always little-endian) into the kernel's native endianness before analyzing and simulating instructions. This may result in a fe
debian