Debian Linux-6.1 vulnerabilities

CVE-2024-49974 [MEDIUM] CVE-2024-49974: linux - In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit... In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimited number of 4MB chunks, so can run for a long time. Thus IMO async COPY can become a DoS

CVE-2024-50024 [MEDIUM] CVE-2024-50024: linux - In the Linux kernel, the following vulnerability has been resolved: net: Fix an... In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0 LR [c000000000c0f764] __netlink_clear_multicast_users+0x

CVE-2024-57949 [MEDIUM] CVE-2024-57949: linux - In the Linux kernel, the following vulnerability has been resolved: irqchip/gic... In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() The following call-chain leads to enabling interrupts in a nested interrupt disabled section: irq_set_vcpu_affinity() irq_get_desc_lock() raw_spin_lock_irqsave() <--- Disable interrupts its_irq_set_vcpu_affinity() guard(raw_s

CVE-2024-53052 [MEDIUM] CVE-2024-53052: linux - In the Linux kernel, the following vulnerability has been resolved: io_uring/rw... In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze side will grab that rwsem for writing, excluding any new writers

CVE-2024-43856 [MEDIUM] CVE-2024-43856: linux - In the Linux kernel, the following vulnerability has been resolved: dma: fix ca... In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for reuse, then calls devres_destroy() to remove and free the data structure used to track the DMA allocation. Between the two calls, it is possible for a concurrent task to m

CVE-2024-40931 [MEDIUM] CVE-2024-40931: linux - In the Linux kernel, the following vulnerability has been resolved: mptcp: ensu... In the Linux kernel, the following vulnerability has been resolved: mptcp: ensure snd_una is properly initialized on connect This is strictly related to commit fb7a0d334894 ("mptcp: ensure snd_nxt is properly initialized on connect"). It turns out that syzkaller can trigger the retransmit after fallback and before processing any other incoming packet - so that snd_u

CVE-2024-40916 [MEDIUM] CVE-2024-40916: linux - In the Linux kernel, the following vulnerability has been resolved: drm/exynos:... In the Linux kernel, the following vulnerability has been resolved: drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found When reading EDID fails and driver reports no modes available, the DRM core adds an artificial 1024x786 mode to the connector. Unfortunately some variants of the Exynos HDMI (like the one in Exynos4 SoCs) are not able to dri

CVE-2024-49939 [MEDIUM] CVE-2024-49939: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89... In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow is triggered by ieee80211_reconfig(). However, due to rtw89_wow_resume() return failure, it will cause the add interface flow to be executed again, resulting in a double

CVE-2024-46896 [MEDIUM] CVE-2024-46896: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu:... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when

CVE-2024-46841 [MEDIUM] CVE-2024-46841: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: don'... In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() We handle errors here properly, ENOMEM isn't fatal, return the error. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.10.11-1) sid: resolved (fi

CVE-2024-56739 [MEDIUM] CVE-2024-56739: linux - In the Linux kernel, the following vulnerability has been resolved: rtc: check ... In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME

CVE-2024-58085 [MEDIUM] CVE-2024-58085: linux - In the Linux kernel, the following vulnerability has been resolved: tomoyo: don... In the Linux kernel, the following vulnerability has been resolved: tomoyo: don't emit warning in tomoyo_write_control() syzbot is reporting too large allocation warning at tomoyo_write_control(), for one can write a very very long line without new line character. To fix this warning, I use __GFP_NOWARN rather than checking for KMALLOC_MAX_SIZE, for practically a va

CVE-2024-53148 [MEDIUM] CVE-2024-53148: linux - In the Linux kernel, the following vulnerability has been resolved: comedi: Flu... In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error

CVE-2024-50108 [MEDIUM] CVE-2024-50108: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces when calling dmub_psr_enable() with Parade 08-01 TCON. These symptoms all go away with PSR-

CVE-2024-45025 [MEDIUM] CVE-2024-45025: linux - In the Linux kernel, the following vulnerability has been resolved: fix bitmap ... In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. What it does is copying enough words (BITS_TO_LONGS(count/BITS_PER_LONG)), then memsets the

CVE-2024-47671 [MEDIUM] CVE-2024-47671: linux - In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc... In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: prevent kernel-usb-infoleak The syzbot reported a kernel-usb-infoleak in usbtmc_write, we need to clear the structure before filling fields. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.10.12-1) sid: resolved (

CVE-2024-42295 [MEDIUM] CVE-2024-42295: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: han... In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to treat this inconsistency as a bug; it can occur if the argument block address (the buffer

CVE-2024-40911 [MEDIUM] CVE-2024-40911: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80... In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Lock wiphy in cfg80211_get_station Wiphy should be locked before calling rdev_get_station() (see lockdep assert in ieee80211_get_station()). This fixes the following kernel NULL dereference: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000050 Mem abor

CVE-2024-42244 [MEDIUM] CVE-2024-42244: linux - In the Linux kernel, the following vulnerability has been resolved: USB: serial... In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 sin

CVE-2024-56787 [MEDIUM] CVE-2024-56787: linux - In the Linux kernel, the following vulnerability has been resolved: soc: imx8m:... In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This