Bui Quang Minh

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the virtio-net component. The leak occurs on the error path of the `virtnet xsk pool enable()` function. This issue was revealed by selftests added to the Continuous Integration (CI) system. The memory leak is associated with unreferenced objects, and a backtrace is provided, indicating the involvement of functions such as ` kvmalloc node noprof`, `virtnet xsk pool enable`, and `xsk bind`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the s390/cio component of the Linux kernel, where a buffer is not properly terminated, leading to an out-of-bounds (OOB) read when using scanf. This can cause a denial of service. The problem arises because the copied buffer is not ensured to be NUL terminated, allowing scanf to read beyond the buffer's boundaries. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a buffer overflow vulnerability in the Linux kernel's qedf component. It occurs when a count-sized kernel buffer is allocated and count is copied from userspace to that buffer without ensuring the string is terminated inside the buffer. This can lead to an out-of-bounds (OOB) read when using the `kstrtouint` function. The vulnerability can be exploited to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a buffer overflow vulnerability in the Linux kernel's scsi: bfa component. It occurs when a nbytes-sized kernel buffer is allocated and nbytes are copied from userspace to that buffer. Later, sscanf is used on this buffer without ensuring the string is terminated inside the buffer, leading to an out-of-bounds (OOB) read when using sscanf. This can be fixed by using memdup user nul instead of memdup user. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the allocation of a count-sized kernel buffer and copying count bytes from userspace to that buffer. Later, sscanf is used on this buffer without ensuring the string is terminated inside the buffer, leading to an out-of-bounds (OOB) read when using sscanf. This is fixed by using memdup user nul instead of memdup user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to errors in reading beyond the buffer memory boundaries in the bna component of the Linux kernel. This can lead to an out-of-bounds (OOB) read when using sscanf. The problem arises because the copied buffer is not ensured to be NUL terminated, which can cause issues when sscanf is used on this buffer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to an off-by-one error in the octeontx2-af component of the Linux kernel. This error occurs when trying to access count + 1 byte from userspace with memdup user(buffer, count + 1), but the userspace only provides a buffer of count bytes, which are verified to be okay to access. To ensure the copied buffer is NUL terminated, memdup user nul is used instead. The vulnerability may allow an attacker to execute arbitrary code with elevated privileges. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.6.7 **Description** An issue in the Linux kernel allows for an out-of-bounds write due to a lack of headroom validation in `xdp umem reg` in `net/xdp/xdp umem.c`. This can be exploited by a user with the `CAP NET ADMIN` capability. The issue may impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel versions prior to 5.6.7, update to version 5.6.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `CAP NET ADMIN` capability to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: GOM Player version 2.1.16.4635 Description: The issue is a stack-based buffer overflow in the srt2smi.exe component, which can be triggered by a long string in an SRT file. This can cause a denial of service (crash) or allow remote attackers to execute arbitrary code. Recommendations: For GOM Player version 2.1.16.4635, consider updating to a newer version that addresses this issue, as using a long string in an SRT file can lead to a denial of service or arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libxml2 versions prior to 2.7.8 libxml2-dev (affected versions not specified) libxml2-doc (affected versions not specified) libxml2-utils (affected versions not specified) mingw32-libxml2-2.7.6 mingw32-libxml2-static-2.7.6 mingw32-libxml2-debuginfo-2.7.6 **Description** The issue is related to multiple vulnerabilities in the libxml2 library, which can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. The vulnerabilities are associated with reading from invalid memory locations during the processing of malformed XPath expressions, allowing context-dependent attackers to cause a denial of service (application crash) via a crafted XML document. The vulnerabilities can also be related to the repeated release of memory, allowing a remote attacker to disrupt confidentiality, integrity, and availability of protected information. **Recommendations** For libxml2 versions prior to 2.7.8, update to version 2.7.8 or later. For libxml2-dev, libxml2-doc, and libxml2-utils, there is no information about a newer version that contains a fix for this vulnerability. For mingw32-libxml2-2.7.6, mingw32-libxml2-static-2.7.6, and mingw32-libxml2-debuginfo-2.7.6, consider disabling the use of the libxml2 library until a patch is available. As a temporary workaround, consider restricting access to the vulnerable library to minimize the risk of exploitation.