Debian Linux-6.1 vulnerabilities

CVE-2024-40919 [MEDIUM] CVE-2024-40919: linux - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Ad... In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() In case of token is released due to token->state == BNXT_HWRM_DEFERRED, released token (set to NULL) is used in log messages. This issue is expected to be prevented by HWRM_ERR_CODE_PF_UNAVAILABLE error code. But

CVE-2024-42290 [MEDIUM] CVE-2024-42290: linux - In the Linux kernel, the following vulnerability has been resolved: irqchip/imx... In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling invokes sleeping functions, which triggers the 'scheduling while atomic' bug in the context s

CVE-2024-43863 [MEDIUM] CVE-2024-43863: linux - In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx:... In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll->fence wait->fence unref deadlocks. vmwgfx overwrites the wait callback to iterate over the list of all

CVE-2024-47683 [MEDIUM] CVE-2024-47683: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip Recompute DSC Params if no Stream on Link [why] Encounter NULL pointer dereference uner mst + dsc setup. BUG: kernel NULL pointer dereference, address: 0000000000000008 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 4 PID: 917 Comm: sway Not tainted 6.3.9-arch1-1 #1 124dc55

CVE-2024-49959 [MEDIUM] CVE-2024-49959: linux - In the Linux kernel, the following vulnerability has been resolved: jbd2: stop ... In the Linux kernel, the following vulnerability has been resolved: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error In __jbd2_log_wait_for_space(), we might call jbd2_cleanup_journal_tail() to recover some journal space. But if an error occurs while executing jbd2_cleanup_journal_tail() (e.g., an EIO), we don't stop waiting for free space

CVE-2024-49886 [MEDIUM] CVE-2024-49886: linux - In the Linux kernel, the following vulnerability has been resolved: platform/x8... In the Linux kernel, the following vulnerability has been resolved: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug Attaching SST PCI device to VM causes "BUG: KASAN: slab-out-of-bounds". kasan report: [ 19.411889] ================================================================== [ 19.413702] BUG: KASAN: slab-out-of-bounds in _isst_if_get_pci_dev+0x

CVE-2024-53129 [MEDIUM] CVE-2024-53129: linux - In the Linux kernel, the following vulnerability has been resolved: drm/rockchi... In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) Scope: local bookworm: resol

CVE-2024-50183 [MEDIUM] CVE-2024-50183: linux - In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc:... In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release fabric ndlps beforehand opens kref imbalance race conditions. Fix by forcing the DA_ID to c

CVE-2024-53207 [MEDIUM] CVE-2024-53207: linux - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ... In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/ke

CVE-2024-56575 [MEDIUM] CVE-2024-56575: linux - In the Linux kernel, the following vulnerability has been resolved: media: imx-... In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to ke

CVE-2024-43870 [MEDIUM] CVE-2024-43870: linux - In the Linux kernel, the following vulnerability has been resolved: perf: Fix e... In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are deferred to the target task upon resume to userspace via task_work. However failures while adding an event's callback to the task_work engine are ignored. And since the last call for events exit happen after

CVE-2024-42283 [MEDIUM] CVE-2024-42283: linux - In the Linux kernel, the following vulnerability has been resolved: net: nextho... In the Linux kernel, the following vulnerability has been resolved: net: nexthop: Initialize all fields in dumped nexthops struct nexthop_grp contains two reserved fields that are not initialized by nla_put_nh_group(), and carry garbage. This can be observed e.g. with strace (edited for clarity): # ip nexthop add id 1 dev lo # ip nexthop add id 101 group 1 # strace

CVE-2024-53209 [MEDIUM] CVE-2024-53209: linux - In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fi... In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring settin

CVE-2024-41078 [MEDIUM] CVE-2024-41078: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: qgro... In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix quota root leak after quota disable failure If during the quota disable we fail when cleaning the quota tree or when deleting the root from the root tree, we jump to the 'out' label without ever dropping the reference on the quota root, resulting in a leak of the root since fs_inf

CVE-2024-26822 [MEDIUM] CVE-2024-26822: linux - In the Linux kernel, the following vulnerability has been resolved: smb: client... In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll end up reusing the values from the parent mount. Scope: local bookworm: resolved (fixed i

CVE-2024-50296 [MEDIUM] CVE-2024-50296: linux - In the Linux kernel, the following vulnerability has been resolved: net: hns3: ... In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. Du

CVE-2024-46753 [MEDIUM] CVE-2024-46753: linux - In the Linux kernel, the following vulnerability has been resolved: btrfs: hand... In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error. Scope: local bookworm: resolved (fixed in 6.1.135-1) bullseye: resolved (fixed in 5.10.237-1) forky: resolved (fixed in 6

CVE-2024-47665 [MEDIUM] CVE-2024-47665: linux - In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i... In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup Definitely condition dma_get_cache_alignment * defined value > 256 during driver initialization is not reason to BUG_ON(). Turn that to graceful error out with -EINVAL. Scope: local bookworm: resolved (fixed in 6.1.112-1) bullseye: op

CVE-2024-41064 [MEDIUM] CVE-2024-41064: linux - In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh... In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: avoid possible crash when edev->pdev changes If a PCI device is removed during eeh_pe_report_edev(), edev->pdev will change and can cause a crash, hold the PCI rescan/remove lock while taking a copy of edev->pdev->bus. Scope: local bookworm: resolved (fixed in 6.1.106-1) bullseye: resol

CVE-2024-57901 [MEDIUM] CVE-2024-57901: linux - In the Linux kernel, the following vulnerability has been resolved: af_packet: ... In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_un