Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-05-17 CVE-2024-35806 Improper Locking vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: Always disable interrupts when taking cgr_lock smp_call_function_single disables IRQs when executing the callback.
local
low complexity
linux debian CWE-667
5.5
2024-05-01 CVE-2023-52650 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.
local
low complexity
linux debian CWE-476
5.5
2024-05-01 CVE-2024-27025 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL.
local
low complexity
linux debian CWE-476
5.5
2024-05-01 CVE-2024-27030 Race Condition vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Use separate handlers for interrupts For PF to AF interrupt vector and VF to AF vector same interrupt handler is registered which is causing race condition. When two interrupts are raised to two CPUs at same time then two cores serve same event corrupting the data.
local
high complexity
linux debian CWE-362
6.3
2024-05-01 CVE-2024-27038 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider() __clk_get_hw() __clk_get_hw() can return NULL which is dereferenced by clk_core_get() at hw->core. Prior to commit dde4eff47c82 ("clk: Look for parents with clkdev based clk_lookups") the check IS_ERR_OR_NULL() was performed which would have caught the NULL. Reading the description of this function it talks about returning NULL but that cannot be so at the moment. Update the function to check for hw before dereferencing it and return NULL if hw is NULL.
local
low complexity
linux debian CWE-476
5.5
2024-05-01 CVE-2024-27044 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' The 'stream' pointer is used in dcn10_set_output_transfer_func() before the check if 'stream' is NULL. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display/dc/hwss/dcn10/dcn10_hwseq.c:1892 dcn10_set_output_transfer_func() warn: variable dereferenced before check 'stream' (see line 1875)
local
low complexity
linux debian CWE-476
5.5
2024-05-01 CVE-2024-27074 Memory Leak vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e.
local
low complexity
linux debian CWE-401
5.5
2024-05-01 CVE-2024-27076 Memory Leak vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.
local
low complexity
linux debian CWE-401
5.5
2024-05-01 CVE-2024-27077 Memory Leak vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e.
local
low complexity
linux debian CWE-401
5.5
2024-05-01 CVE-2024-26966 Improper Validation of Array Index vulnerability in multiple products
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays The frequency table arrays are supposed to be terminated with an empty element.
local
low complexity
linux debian CWE-129
5.5