Colin Ian King

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been found in the Linux kernel, specifically in the drm/v3d component. The problem occurs when the pointer `perfmon` is null, and the WARN ON return path is executed after the pointer has already been dereferenced. This issue is resolved by only dereferencing `perfmon` after it has been null checked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been identified in the Linux kernel, specifically in the ALSA pcm component. The issue arises when a pointer substream is dereferenced before a null check is performed using the `PCM RUNTIME CHECK` macro. Although `PCM RUNTIME CHECK` calls `BUG ON`, it is still beneficial to perform the pointer check before assigning the `card` variable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference on pointer `edp` in the `drm/msm` component. The initialization of pointer `dev` dereferences pointer `edp` before `edp` is null checked, resulting in a potential null pointer deference issue. This is fixed by only dereferencing `edp` after `edp` has been null checked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference in the netfilter component of the Linux kernel, specifically in the nf tables module. This occurs when the `chain->flags & NFT CHAIN HW OFFLOAD` condition is false, leading to `nft flow rule create` not being called and the `flow` variable being NULL. As a result, the error handling path to `err destroy flow rule` will attempt to call `nft flow rule destroy` on a null `flow`, causing a null pointer dereference. The fix involves only calling `nft flow rule destroy` if the `flow` is non-null. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak has been identified in the Linux kernel, specifically in the trusted key module. The issue arises from two error return paths that fail to free the allocated object `td`, resulting in a memory leak. This leak is addressed by ensuring that the error return path securely frees `td`. The fix also resolves a clang scan-build warning related to a potential memory leak in the `trusted tpm1.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential null dereference on a pointer status in the Linux kernel's dmaengine: idxd component. There are calls to `idxd cmd exec` that pass a null status pointer, and a recent commit has added an assignment to `*status` that can end up with a null pointer dereference. The function expects a null status pointer sometimes, as there is a later assignment to `*status` where `status` is first null checked. The issue is fixed by null checking `status` before making the assignment. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow in the io provide buffers prep() function, which could allow a remote attacker to impact the confidentiality, integrity, and availability of data. The problem was reported by Colin, who noted possible overflow and sign extension issues. The fix involves using check <op> overflow helpers and changing the type of struct io provide buf::len to unsigned, as it doesn't make sense to keep it signed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been resolved in the Linux kernel. The problem occurs when the `lm3554 platform data func` call returns an error, resulting in a memory leak on the error return path of object flash. This issue is fixed by adding an error return path to free flash and renaming labels. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4 **Description** A memory leak issue exists in the cuse channel release function, located in fs/fuse/cuse.c, allowing local users to cause a denial of service due to memory consumption by repeatedly opening /dev/cuse. This could potentially have other unspecified impacts. **Recommendations** For Linux kernel versions prior to 4.4, update to version 4.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.1.4 **Description** The issue is related to a memory leak in the ` key link end` function in `security/keys/keyring.c`. This leak allows local users to cause a denial of service through many `add key` system calls that refer to existing keys, leading to memory consumption. **Recommendations** For Linux kernel versions prior to 4.1.4, update to version 4.1.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `add key` system call to minimize the risk of exploitation.