Bodong Zhao

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12 **Description** An out-of-bounds memory write flaw was found in the list devices function in the Multi-device driver module. This flaw allows an attacker with special user privilege, specifically CAP SYS ADMIN, to access out-of-bounds memory, potentially leading to a system crash or a leak of internal kernel information. The highest threat from this issue is to system availability. **Recommendations** For Linux kernel versions prior to 5.12, update to version 5.12 or later to resolve the issue. As a temporary workaround, consider restricting the use of the CAP SYS ADMIN privilege to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.9.9 **Description** An issue in the Linux kernel's speakup driver allows local attackers to cause a denial of service attack. This occurs due to an invalid free when the line discipline is used more than once. The issue is related to the `spk ttyio.c` component. **Recommendations** For Linux kernel versions through 5.9.9, consider disabling the speakup driver to prevent exploitation until a patch is available. Restrict access to the `spk ttyio.c` component to minimize the risk of a local denial of service attack.

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified) Description: A vulnerability was found in the Linux Kernel where the function `sunkbd reinit` has been scheduled by `sunkbd interrupt` before `sunkbd` being freed, causing a Use After Free issue. This is due to an alias in `sunkbd reinit` even though the dangling pointer is set to NULL in `sunkbd disconnect`. The vulnerability is related to the use of memory after it has been freed, which may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel versions prior to 5.9.2 **Description** The issue is related to a use-after-free flaw in the Linux Kernel's tty subsystem, which can be exploited to gain access to sensitive information or cause a denial of service. The problem arises from improper synchronization of access to the global variable `fg console`, leading to a use-after-free condition in `con font op`. **Recommendations** For Linux Kernel versions prior to 5.9.2, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `con font op` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free flaw in the Linux kernel's console subsystem, specifically in the way it uses ioctls `KDGKBSENT` and `KDSKBSENT`. This could allow a local user to gain read access to memory out of bounds, posing a threat to data confidentiality. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.