Claudiu Beznea

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A reference counting issue in the Linux kernel has been identified, specifically in the atmel nand controller init function. This issue occurs in several error handling paths where the function returns an error code without properly balancing the reference count of the `nc->dmac` object, which was previously increased by `dma request channel()`. This can lead to refcount leaks. **Recommendations** To resolve this issue, apply the fix that decrements the refcount of the specific object in the error paths. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.13.0-rc7-next-20250116-arm64-renesas-00002-g35245dfdc62c **Description** A vulnerability in the Linux kernel has been resolved, specifically in the ravb driver. The issue was related to missing rtnl lock in the suspend/resume path, which could lead to conflicts with ongoing ndo operations. Without the fix, a warning about suspicious RCU usage is triggered. The vulnerability affects the ravb open, ravb close, and wol operations, which must be performed under the rtnl lock. **Recommendations** To resolve the issue, update to a version of the Linux kernel that includes the fix for the missing rtnl lock in the suspend/resume path. As a temporary workaround, consider ensuring that calls to ravb open, ravb close, and wol operations are performed under the rtnl lock to prevent conflicts with ongoing ndo operations.