Debian Linux-6.1 vulnerabilities

CVE-2024-55881 [MEDIUM] CVE-2024-55881: linux - In the Linux kernel, the following vulnerability has been resolved: KVM: x86: P... In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as

CVE-2024-56720 [MEDIUM] CVE-2024-56720: linux - In the Linux kernel, the following vulnerability has been resolved: bpf, sockma... In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix for the value of variable "a" 5. In sk_msg_shift_left, af

CVE-2024-57939 [MEDIUM] CVE-2024-57939: linux - In the Linux kernel, the following vulnerability has been resolved: riscv: Fix ... In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die() takes spinlock_t which can sleep with PREEMPT_RT enabled. That causes the following warning: BUG: sleeping function called from invalid context at kernel/locking/spinl

CVE-2024-58079 [MEDIUM] CVE-2024-58079: linux - In the Linux kernel, the following vulnerability has been resolved: media: uvcv... In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix crash during unbind if gpio unit is in use We used the wrong device for the device managed functions. We used the usb device, when we should be using the interface device. If we unbind the driver from the usb interface, the cleanup functions are never called. In our case, the IR

CVE-2024-40942 [MEDIUM] CVE-2024-40942: linux - In the Linux kernel, the following vulnerability has been resolved: wifi: mac80... In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface is removed, the entries in that list will never get cleaned. Fix

CVE-2024-47734 [MEDIUM] CVE-2024-47734: linux - In the Linux kernel, the following vulnerability has been resolved: bonding: Fi... In the Linux kernel, the following vulnerability has been resolved: bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave() syzbot reported a WARNING in bond_xdp_get_xmit_slave. To reproduce this[1], one bond device (bond1) has xdpdrv, which increases bpf_master_redirect_enabled_key. Another bond device (bond0) which is unsupported by XDP but its s

CVE-2024-43904 [MEDIUM] CVE-2024-43904: linux - In the Linux kernel, the following vulnerability has been resolved: drm/amd/dis... In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These variables were previously assumed to be null at line 922, but they were used later in the cod

CVE-2024-53685 [MEDIUM] CVE-2024-53685: linux - In the Linux kernel, the following vulnerability has been resolved: ceph: give ... In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effec

CVE-2024-40932 [MEDIUM] CVE-2024-40932: linux - In the Linux kernel, the following vulnerability has been resolved: drm/exynos/... In the Linux kernel, the following vulnerability has been resolved: drm/exynos/vidi: fix memory leak in .get_modes() The duplicated EDID is never freed. Fix it. Scope: local bookworm: resolved (fixed in 6.1.99-1) bullseye: resolved (fixed in 5.10.221-1) forky: resolved (fixed in 6.9.7-1) sid: resolved (fixed in 6.9.7-1) trixie: resolved (fixed in 6.9.7-1)

CVE-2024-56783 [MEDIUM] CVE-2024-56783: linux - In the Linux kernel, the following vulnerability has been resolved: netfilter: ... In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace. Scope: local b

CVE-2024-42272 [MEDIUM] CVE-2024-42272: linux - In the Linux kernel, the following vulnerability has been resolved: sched: act_... In the Linux kernel, the following vulnerability has been resolved: sched: act_ct: take care of padding in struct zones_ht_key Blamed commit increased lookup key size from 2 bytes to 16 bytes, because zones_ht_key got a struct net pointer. Make sure rhashtable_lookup() is not using the padding bytes which are not initialized. BUG: KMSAN: uninit-value in rht_ptr_rcu

CVE-2024-56777 [MEDIUM] CVE-2024-56777: linux - In the Linux kernel, the following vulnerability has been resolved: drm/sti: av... In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. Scope: local bookworm: resolved (fixed in 6.1.123-1) bullseye: open forky: resolved (

CVE-2024-50179 [MEDIUM] CVE-2024-50179: linux - In the Linux kernel, the following vulnerability has been resolved: ceph: remov... In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it get the Fw reference. Scope: local bookworm: resolved (fixed in 6.1.115-1) bullseye: resolv

CVE-2024-40971 [MEDIUM] CVE-2024-40971: linux - In the Linux kernel, the following vulnerability has been resolved: f2fs: remov... In the Linux kernel, the following vulnerability has been resolved: f2fs: remove clear SB_INLINECRYPT flag in default_options In f2fs_remount, SB_INLINECRYPT flag will be clear and re-set. If create new file or open file during this gap, these files will not use inlinecrypt. Worse case, it may lead to data corruption if wrappedkey_v0 is enable. Thread A: Thread B: -

CVE-2024-57948 [MEDIUM] CVE-2024-57948: linux - In the Linux kernel, the following vulnerability has been resolved: mac802154: ... In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardware device from the system. CPU0 CPU1 ==== ==== genl_family_rcv_msg_doit ieee802154_unregiste

CVE-2024-41097 [MEDIUM] CVE-2024-41097: linux - In the Linux kernel, the following vulnerability has been resolved: usb: atm: c... In the Linux kernel, the following vulnerability has been resolved: usb: atm: cxacru: fix endpoint checking in cxacru_bind() Syzbot is still reporting quite an old issue [1] that occurs due to incomplete checking of present usb endpoints. As such, wrong endpoints types may be used at urb sumbitting stage which in turn triggers a warning in usb_submit_urb(). Fix the

CVE-2024-53690 [MEDIUM] CVE-2024-53690: linux - In the Linux kernel, the following vulnerability has been resolved: nilfs2: pre... In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an un

CVE-2024-43828 [MEDIUM] CVE-2024-43828: linux - In the Linux kernel, the following vulnerability has been resolved: ext4: fix i... In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole() does not detect the replay and calls ext4_es_find_extent_range(), which will return immediately without initializ

CVE-2024-47660 [MEDIUM] CVE-2024-47660: linux - In the Linux kernel, the following vulnerability has been resolved: fsnotify: c... In the Linux kernel, the following vulnerability has been resolved: fsnotify: clear PARENT_WATCHED flags lazily In some setups directories can have many (usually negative) dentries. Hence __fsnotify_update_child_dentry_flags() function can take a significant amount of time. Since the bulk of this function happens under inode->i_lock this causes a significant content

CVE-2024-50195 [MEDIUM] CVE-2024-50195: linux - In the Linux kernel, the following vulnerability has been resolved: posix-clock... In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime64(). As the man manual of clock_settime() said, if tp.tv_sec is negative or tp.tv_nsec is