Vladis Dronov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions v4.18 and newer **Description** A flaw was found in the Linux kernel in the function `hid debug events read()` in the `drivers/hid/hid-debug.c` file, which may enter an infinite loop with certain parameters passed from a userspace. This could allow a local privileged user (with "root" privileges) to cause a system lock up and a denial of service. The issue is related to uncontrolled resource consumption. **Recommendations** For Linux kernel versions v4.18 and newer, consider disabling the `hid debug events read()` function as a temporary workaround to minimize the risk of exploitation until a patch is available. Restrict access to the `drivers/hid/hid-debug.c` file to prevent potential abuse.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.19-rc1 through 4.19-rc3 **Description** A security flaw was found in the `ip frag reasm()` function, which can cause a later system crash in `ip do fragment()`. With certain non-default configuration of a victim host, an attacker can trigger this crash remotely, leading to a remote denial-of-service. **Recommendations** For Linux kernel versions 4.19-rc1 through 4.19-rc3, consider disabling the `ip frag reasm()` function as a temporary workaround until a patch is available. Restrict access to the affected `ip do fragment()` function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is caused by a missing address check in the callers of the `show opcodes()` function in the Linux kernel, allowing an attacker to dump kernel memory at an arbitrary kernel address into the dmesg log. This is also described as a vulnerability in the `show opcodes()` function due to input validation errors, which can be exploited to access protected kernel information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.10.8 **Description** The issue allows local users to cause a denial of service, resulting in a system hang, by making a crafted ioctl call for a /dev/dri/renderD* device. This is due to the lack of validation of certain levels data in the vmw gb surface define ioctl function. **Recommendations** For Linux kernel versions prior to 4.10.8, update to version 4.10.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/dri/renderD* device to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.10.5 **Description** The issue is related to the `vmw surface define ioctl` function in the Linux kernel, which does not properly check for a zero value of certain levels data. This allows local users to cause a denial of service via a crafted ioctl call for a `/dev/dri/renderD*` device, potentially resulting in a ZERO SIZE PTR dereference, GPF, and possibly a panic. **Recommendations** For Linux kernel versions prior to 4.10.5, update to version 4.10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.8.10 **Description** The issue is related to the mishandling of skb truncation in the TCP stack, which can be exploited by local users to cause a denial of service, resulting in a system crash. This can be achieved through a crafted application that utilizes sendto system calls. The problem is associated with the net/ipv4/tcp ipv4.c and net/ipv6/tcp ipv6.c files. **Recommendations** For Linux kernel versions prior to 4.8.10, update to version 4.8.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 **Description** The issue allows local users to bypass intended Secure Boot restrictions and execute untrusted code by appending ACPI tables to the initrd when the system is booted with UEFI Secure Boot enabled. **Recommendations** For Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2, consider disabling UEFI Secure Boot or restricting the appending of ACPI tables to the initrd until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5 **Description** The issue allows local users to cause a denial of service by creating many pipes with non-default sizes, resulting in memory consumption due to the lack of limitation on the amount of unread data in pipes. **Recommendations** For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.2.2 **Description** The issue is related to the NFS client in the Linux kernel, where memory for migration recovery operations is not properly initialized. This allows remote NFS servers to cause a denial of service, resulting in a NULL pointer dereference and panic, via crafted network traffic. **Recommendations** For Linux kernel versions prior to 4.2.2, update to version 4.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 3.10.x **Description** The issue is related to a flaw in the Linux kernel that allows userspace to call functions like `memcpy fromiovecend()` with a zero offset and buffer length, causing a read beyond buffer boundaries. This can lead to a memory access fault and a system halt by accessing an invalid memory address. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For Linux kernel version 3.10.x, consider disabling the `memcpy fromiovecend()` function as a temporary workaround until a patch is available. Restrict access to similar functions that may cause buffer boundary overflows to minimize the risk of exploitation.