Debian GNU/Linux 11 (Bullseye) LTS has received important security updates for two packages: Openrazer and Libbpf.
- CVE-2022-23467: Out-of-bounds read.
- CVE-2022-29021: Buffer overflow in the razerkbd driver.
- CVE-2022-29022: Buffer overflow in the razeraccessory driver.
- CVE-2022-29023: Buffer overflow in the razermouse driver.
- CVE-2025-32776: Another out-of-bounds read.
The issues have been resolved in the updated version 2.9.0+dfsg-1+deb11u1. Users are advised to upgrade their Openrazer packages to enhance security.
For further details, users can check the security tracker page for Openrazer at: [Openrazer Security Tracker](https://security-tracker.debian.org/tracker/openrazer).
- CVE-2022-3534: Use-after-free in the function btf_dump_name_dups().
- CVE-2022-3606: Null-pointer dereference in the function find_prog_by_sec_insn().
These vulnerabilities have been patched in version 0.3-2+deb11u1. Users are encouraged to upgrade their Libbpf packages to maintain system security.
For additional information on the security status of Libbpf, users can visit its security tracker page at: [Libbpf Security Tracker](https://security-tracker.debian.org/tracker/libbpf).
Openrazer Security Update (DLA 4136-1)
On April 24, 2025, a security advisory for Openrazer was released, addressing multiple vulnerabilities that could potentially affect devices from Razer, a company known for gaming hardware. The vulnerabilities include:- CVE-2022-23467: Out-of-bounds read.
- CVE-2022-29021: Buffer overflow in the razerkbd driver.
- CVE-2022-29022: Buffer overflow in the razeraccessory driver.
- CVE-2022-29023: Buffer overflow in the razermouse driver.
- CVE-2025-32776: Another out-of-bounds read.
The issues have been resolved in the updated version 2.9.0+dfsg-1+deb11u1. Users are advised to upgrade their Openrazer packages to enhance security.
For further details, users can check the security tracker page for Openrazer at: [Openrazer Security Tracker](https://security-tracker.debian.org/tracker/openrazer).
Libbpf Security Update (DLA 4137-1)
In addition to Openrazer, a security update for Libbpf was also released on the same date. Libbpf is a library that facilitates interaction with eBPF in the Linux kernel. The vulnerabilities addressed in this update include:- CVE-2022-3534: Use-after-free in the function btf_dump_name_dups().
- CVE-2022-3606: Null-pointer dereference in the function find_prog_by_sec_insn().
These vulnerabilities have been patched in version 0.3-2+deb11u1. Users are encouraged to upgrade their Libbpf packages to maintain system security.
For additional information on the security status of Libbpf, users can visit its security tracker page at: [Libbpf Security Tracker](https://security-tracker.debian.org/tracker/libbpf).
Conclusion
Both updates are crucial for maintaining the security and stability of Debian 11 LTS systems. Users are urged to apply these updates promptly and refer to the Debian LTS wiki for instructions on how to implement these updates and to find answers to frequently asked questions about the process. For more comprehensive guidance on Debian LTS security advisories, visit: [Debian LTS Wiki](https://wiki.debian.org/LTS)Openrazer and Libbpf updates for Debian 11 LTS
Debian GNU/Linux 11 (Bullseye) LTS has been updated with two security updates for Openrazer and Libbpf:
[DLA 4136-1] openrazer security update
[DLA 4137-1] libbpf security updateOpenrazer and Libbpf updates for Debian 11 LTS @ Linux Compatible
