Yu Hao

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.2 **Description** An issue in the Linux kernel is related to a divide-by-zero error in the `do div(sz, mtd->erasesize)` function, which is used indirectly by `ctrl cdev ioctl`, when `mtd->erasesize` is 0. This error is located in the `drivers/mtd/ubi/cdev.c` file. The issue may allow an attacker to cause a denial of service or potentially have other impacts. **Recommendations** For Linux kernel version 6.2, consider applying a patch to fix the divide-by-zero error in the `do div(sz, mtd->erasesize)` function. As a temporary workaround, restrict access to the `ctrl cdev ioctl` function to minimize the risk of exploitation. Avoid using the `mtd->erasesize` variable with a value of 0 in the affected code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.2 **Description** An issue was discovered in drivers/tty/n gsm.c in the Linux kernel, where a sleeping function is called from an invalid context in `gsmld write()`, which will block the kernel. This issue is related to the use of an incorrect type of lock. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.2 **Description** An issue was discovered in the Linux kernel, specifically in the drivers/media/test-drivers/vidtv/vidtv bridge.c file. The problem is related to a NULL pointer dereference in the `vidtv mux stop thread` function. This occurs when `dvb->mux` is set to NULL, and then the `vidtv mux stop thread(dvb->mux)` function is executed. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For Linux kernel version 6.2, as a temporary workaround, consider disabling the `vidtv mux stop thread` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.2 **Description** An issue was discovered in the Linux kernel, specifically in the drivers/media/dvb-core/dvb frontend.c file. The problem arises from a blocking operation when a task is not in the TASK RUNNING state. This occurs in the dvb frontend get event function, where wait event interruptible is called with the condition dvb frontend test event(fepriv, events). Within dvb frontend test event, down(&fepriv->sem) is called, which may block the process. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For Linux kernel version 6.2, as a temporary workaround, consider disabling the `dvb frontend test event()` function until a patch is available. Restrict access to the vulnerable module `drivers/media/dvb-core/dvb frontend.c` to minimize the risk of exploitation. Avoid using the `fepriv` and `events` variables in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.2 **Description** The issue is related to a race condition in the hci uart tty ioctl() function between HCIUARTSETPROTO and HCIUARTGETPROTO commands in the drivers/bluetooth/hci ldisc.c module. This can lead to a NULL pointer dereference, potentially causing a denial of service. The `hci uart tty ioctl()` function is vulnerable due to the concurrent access to resources, and the `HCI UART PROTO SET` is set before `hu->proto` is set. **Recommendations** For Linux kernel version 6.2, as a temporary workaround, consider disabling the `hci uart tty ioctl()` function until a patch is available. Restrict access to the vulnerable module `drivers/bluetooth/hci ldisc.c` to minimize the risk of exploitation. Avoid using the `HCIUARTSETPROTO` and `HCIUARTGETPROTO` commands in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.