Main Vulnerability Database SB20240711162

SB20240711162 - Debian update for linux

Published: July 11, 2024 Updated: March 14, 2025

Security Bulletin ID SB20240711162

Severity

High

Patch available

YES

Number of vulnerabilities 31

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 31 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2022-48655)

The vulnerability allows a local user to execute arbitrary code.

The vulnerability exists due to an out-of-bounds read error within the scmi_domain_reset() function in drivers/firmware/arm_scmi/reset.c. A local user can execute arbitrary code.

2) NULL pointer dereference (CVE-ID: CVE-2023-52585)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the amdgpu_ras_query_error_status_helper() function in drivers/gpu/drm/amd/amdgpu/amdgpu_ras.c. A local user can perform a denial of service (DoS) attack.

3) Input validation error (CVE-ID: CVE-2023-52882)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the sun50i_h6_ccu_probe() function in drivers/clk/sunxi-ng/ccu-sun50i-h6.c. A local user can perform a denial of service (DoS) attack.

4) Memory leak (CVE-ID: CVE-2024-26900)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the bind_rdev_to_array() function in drivers/md/md.c. A local user can perform a denial of service (DoS) attack.

5) Use-after-free (CVE-ID: CVE-2024-27398)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the sco_sock_timeout() function in net/bluetooth/sco.c. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.

6) NULL pointer dereference (CVE-ID: CVE-2024-27399)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error within the l2cap_chan_timeout() function in net/bluetooth/l2cap_core.c. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

7) Buffer overflow (CVE-ID: CVE-2024-27401)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the packet_buffer_get() function in drivers/firewire/nosy.c. A local user can trigger memory corruption and perform a denial of service (DoS) attack.

8) Buffer overflow (CVE-ID: CVE-2024-35848)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the at24_probe() function in drivers/misc/eeprom/at24.c. A local user can escalate privileges on the system.

9) Improper error handling (CVE-ID: CVE-2024-35947)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the ddebug_tokenize() function in lib/dynamic_debug.c. A local user can crash the OS kernel.

10) Out-of-bounds read (CVE-ID: CVE-2024-36017)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the do_setvfinfo() function in net/core/rtnetlink.c. A local user can perform a denial of service (DoS) attack.

11) Input validation error (CVE-ID: CVE-2024-36031)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the __key_instantiate_and_link() function in security/keys/key.c. A local user can perform a denial of service (DoS) attack.

12) Out-of-bounds read (CVE-ID: CVE-2024-36883)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the net_alloc_generic() and register_pernet_operations() functions in net/core/net_namespace.c. A local user can perform a denial of service (DoS) attack.

13) Use-after-free (CVE-ID: CVE-2024-36886)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a use-after-free error within the tipc_buf_append() function in net/tipc/msg.c when processing fragmented TIPC messages. A remote attacker can send specially crafted packets to the system, trigger a use-after-free error and execute arbitrary code on the system in the context of the kernel.

14) Use of uninitialized resource (CVE-ID: CVE-2024-36889)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the mptcp_stream_connect() function in net/mptcp/protocol.c. A local user can perform a denial of service (DoS) attack.

15) NULL pointer dereference (CVE-ID: CVE-2024-36902)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the __fib6_rule_action() function in net/ipv6/fib6_rules.c. A local user can perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2024-36904)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcp_twsk_unique() function in net/ipv4/tcp_ipv4.c. A local user can escalate privileges on the system.

17) Race condition (CVE-ID: CVE-2024-36905)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the tcp_send_fin() function in net/ipv4/tcp_output.c, within the tcp_rcv_state_process() function in net/ipv4/tcp_input.c, within the tcp_shutdown() and __tcp_close() functions in net/ipv4/tcp.c. A local user can perform a denial of service (DoS) attack.

18) Out-of-bounds read (CVE-ID: CVE-2024-36916)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the iocg_kick_delay() function in block/blk-iocost.c. A local user can perform a denial of service (DoS) attack.

19) Improper locking (CVE-ID: CVE-2024-36919)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper locking within the bnx2fc_free_session_resc() function in drivers/scsi/bnx2fc/bnx2fc_tgt.c. A local user can perform a denial of service (DoS) attack.

20) Improper error handling (CVE-ID: CVE-2024-36929)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the skb_alloc_rx_flag() and skb_copy_expand() functions in net/core/skbuff.c. A local user can perform a denial of service (DoS) attack.

21) Use of uninitialized resource (CVE-ID: CVE-2024-36933)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized resource within the EXPORT_SYMBOL_GPL() and nsh_gso_segment() functions in net/nsh/nsh.c. A local user can perform a denial of service (DoS) attack.

22) Out-of-bounds read (CVE-ID: CVE-2024-36934)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an out-of-bounds read error within the bnad_debugfs_write_regrd() and bnad_debugfs_write_regwr() functions in drivers/net/ethernet/brocade/bna/bnad_debugfs.c. A local user can perform a denial of service (DoS) attack.

23) Improper error handling (CVE-ID: CVE-2024-36939)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the nfs_net_init() function in fs/nfs/inode.c. A local user can perform a denial of service (DoS) attack.

24) Double Free (CVE-ID: CVE-2024-36940)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a double free error within the pinctrl_enable() function in drivers/pinctrl/core.c. A local user can perform a denial of service (DoS) attack.

25) NULL pointer dereference (CVE-ID: CVE-2024-36941)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to NULL pointer dereference within the nl80211_set_coalesce() function in net/wireless/nl80211.c. A local user can perform a denial of service (DoS) attack.

26) Buffer overflow (CVE-ID: CVE-2024-36946)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to memory corruption within the rtm_phonet_notify() function in net/phonet/pn_netlink.c. A local user can escalate privileges on the system.

27) Improper error handling (CVE-ID: CVE-2024-36950)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the bus_reset_work() and irq_handler() functions in drivers/firewire/ohci.c. A local user can perform a denial of service (DoS) attack.

28) Improper error handling (CVE-ID: CVE-2024-36953)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper error handling within the kvm_register_vgic_device() function in arch/arm64/kvm/vgic/vgic-kvm-device.c. A local user can perform a denial of service (DoS) attack.

29) Memory leak (CVE-ID: CVE-2024-36954)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the tipc_buf_append() function in net/tipc/msg.c. A local user can perform a denial of service (DoS) attack.

30) Off-by-one (CVE-ID: CVE-2024-36957)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an off-by-one error within the rvu_dbg_qsize_write() function in drivers/net/ethernet/marvell/octeontx2/af/rvu_debugfs.c. A local user can perform a denial of service (DoS) attack.

31) Information disclosure (CVE-ID: CVE-2024-36959)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information disclosure within the pinctrl_dt_to_map() function in drivers/pinctrl/devicetree.c. A local user can gain access to sensitive information.

Remediation

Install update from vendor's website.

References

https://lists.debian.org/debian-security-announce/2024/msg00113.html

SB20240711162 - Debian update for linux

Breakdown by Severity

Description

Remediation

References

Please verify you're human