Debian Linux-6.1 vulnerabilities

CVE-2024-46795 [MEDIUM] CVE-2024-46795: linux - In the Linux kernel, the following vulnerability has been resolved: ksmbd: unse... In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer dereference error from sha256 lib. cifs.ko can send session setup requests on reused connection. If reused connection is used for binding session, conn->binding can still remain true and generate_preauth_hash() w

CVE-2024-58016 [MEDIUM] CVE-2024-58016: linux - In the Linux kernel, the following vulnerability has been resolved: safesetid: ... In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update(), triggering a warning in kmalloc. Check the size specified for write buffers before allocating. [PM: subject tweak] Scope: local bookworm: resolve

CVE-2024-43909 [MEDIUM] CVE-2024-43909: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/... In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: open forky: resolved (fixed in 6.10.6-1) sid: resolved (fixed in 6.10.6-1

CVE-2024-53043 [MEDIUM] CVE-2024-53043: linux - In the Linux kernel, the following vulnerability has been resolved: mctp i2c: h... In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. Scope: local bookworm: resolved (fixe

CVE-2024-42291 [MEDIUM] CVE-2024-42291: linux - In the Linux kernel, the following vulnerability has been resolved: ice: Add a ... In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust the resources for other VFs. Add a similar limit in ice. Scope: local bookworm: resolved

CVE-2024-43892 [MEDIUM] CVE-2024-43892: linux - In the Linux kernel, the following vulnerability has been resolved: memcg: prot... In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creation failures. It introduced IDR to maintain the memcg ID space. The IDR depends on externa

CVE-2024-42070 [MEDIUM] CVE-2024-42070: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERDICT. This only requires a new helper function to infer the register type from the set data

CVE-2024-56763 [MEDIUM] CVE-2024-56763: linux - In the Linux kernel, the following vulnerability has been resolved: tracing: Pr... In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: resolved (fixed in 5.10.234-1) forky: resolved (fixed in 6.12.8-1) sid: resolved (

CVE-2024-49897 [MEDIUM] CVE-2024-49897: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check phantom_stream before it is used dcn32_enable_phantom_stream can return null, so returned value must be checked before used. This fixes 1 NULL_RETURNS issue reported by Coverity. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: open forky: resolved (fixed in 6.11

CVE-2024-50117 [MEDIUM] CVE-2024-50117: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd: Gu... In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumps

CVE-2024-49957 [MEDIUM] CVE-2024-49957: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix ... In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequently, ocfs2_journal_shutdown() calls jbd2_journal_flush()->jbd2_cleanup_journal_tail()-> __jbd

CVE-2024-28956 [MEDIUM] CVE-2024-28956: intel-microcode - Exposure of Sensitive Information in Shared Microarchitectural Structures during... Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Scope: local bookworm: resolved (fixed in 3.20250512.1~deb12u1) bullseye: resolved (fixed in 3.20250512.1~deb11u1) forky: resolved (f

CVE-2024-56659 [MEDIUM] CVE-2024-56659: linux - In the Linux kernel, the following vulnerability has been resolved: net: lapb: ... In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2 ------------

CVE-2024-47693 [MEDIUM] CVE-2024-47693: linux - In the Linux kernel, the following vulnerability has been resolved: IB/core: Fi... In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix ib_cache_setup_one error flow cleanup When ib_cache_update return an error, we exit ib_cache_setup_one instantly with no proper cleanup, even though before this we had already successfully done gid_table_setup_one, that results in the kernel WARN below. Do proper cleanup using gid_table

CVE-2024-42253 [MEDIUM] CVE-2024-42253: linux - In the Linux kernel, the following vulnerability has been resolved: gpio: pca95... In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call site pca953x_gpio_set_multiple() ensures the lock is held before calling pca953x_write_regs().

CVE-2024-41009 [MEDIUM] CVE-2024-41009: linux - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix ov... In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer counter to show which logical position the consumer consumed the data, and producer_pos which

CVE-2024-49965 [MEDIUM] CVE-2024-49965: linux - In the Linux kernel, the following vulnerability has been resolved: ocfs2: remo... In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove unreasonable unlock in ocfs2_read_blocks Patch series "Misc fixes for ocfs2_read_blocks", v5. This series contains 2 fixes for ocfs2_read_blocks(). The first patch fix the issue reported by syzbot, which detects bad unlock balance in ocfs2_read_blocks(). The second patch fixes an issue

CVE-2024-42268 [MEDIUM] CVE-2024-42268: linux - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: F... In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlink_remote_reload_actions_performed() which results in triggering lock assert like the following: WAR

CVE-2024-24855 [MEDIUM] CVE-2024-24855: linux - A race condition was found in the Linux kernel's scsi device driver in lpfc_unre... A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. Scope: local bookworm: resolved (fixed in 6.1.133-1) bullseye: open forky: resolved (fixed in 6.5.3-1) sid: resolved (fixed in 6.5.3-1) trixie

CVE-2024-50039 [MEDIUM] CVE-2024-50039: linux - In the Linux kernel, the following vulnerability has been resolved: net/sched: ... In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers. Unfortunately syzbot can crash a host rather easily using a TBF + SFQ combination, with an STAB on SFQ [1] We can