Alexander Aring

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: A possible null pointer dereference issue has been identified in the Linux kernel. This issue occurs when the `request lock()` function is called and `lkb->lkb resource` is not assigned yet, which happens before `validate lock args()` is called by `attach lkb()`. Another issue is that a resource name could be a non-printable bytearray, and it cannot be assumed to be ASCII coded. The log functionality is probably never hit when DLM is used normally and no debug logging is enabled. The null pointer dereference can only occur on a newly created `lkb` that does not have the resource assigned yet. Recommendations: For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider disabling the `request lock()` function until a patch is available. Restrict access to the `dlm` module to minimize the risk of exploitation. Avoid using the `lkb resource` variable in the affected code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.14.0+ **Description** The issue is related to an invalid read in the Linux kernel's dlm module. This occurs when a `struct plock op` is allocated and appended to a global send list data structure, and then moved to recv list by dev read(). If dev write() casts it to `struct plock xop` and accesses fields only available in `struct plock xop`, an invalid read happens. The problem is fixed by moving the `callback` field to `struct plock op` to indicate that a cast to `plock xop` is allowed. **Recommendations** To fix this issue, update to a version of the Linux kernel that includes the patch for this problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the Linux kernel's net component, specifically in the ieee802154: at86rf230 module. When an error occurs, the `ieee802154 xmit complete()` helper is not called, resulting in a leak of the `skb` structure. To fix this, the `skb` structure is freed upon error before returning. An intermediate `was tx` boolean is introduced to handle a possible race between the delay in switching to `STATE RX AACK ON` and a new interrupt. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.