Ruihan Li

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 6.1 through 6.4 **Description** A vulnerability exists in the memory management subsystem of the Linux kernel, related to incorrect lock handling for accessing and updating virtual memory areas (VMAs), leading to use-after-free problems. This issue can be exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. The vulnerability is due to a locking bug in the virtual memory management subsystem that leads to a UAF-by-RCU vulnerability. **Recommendations** For Linux kernel versions 6.1 through 6.4, update to version 6.4.1, 6.3.11, or 6.1.37 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable virtual memory management subsystem to minimize the risk of exploitation. Avoid using the vulnerable `maple tree` structure for managing virtual memory areas until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A vulnerability was found in the HCI sockets implementation due to a missing capability check in the Linux Kernel. This flaw allows an attacker to execute management commands without authorization, compromising the confidentiality, integrity, and availability of Bluetooth communication. The issue is related to insufficient permission checks when handling ioctl system calls of HCI sockets, enabling tasks without the proper CAP NET ADMIN capability to mark HCI sockets as trusted. As a result, unprivileged users can acquire a trusted socket, leading to unauthorized execution of management commands. If successfully exploited, the vulnerability can be used to pair the controller with malicious devices, even if the Bluetooth service is disabled or not installed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.