Daire Byrne

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.0-5.dneg.x86 64 **Description** A vulnerability has been resolved in the Linux kernel, specifically in the fscache component. The issue occurs due to a race condition between the cookie lru and use cookie functions. When a cookie expires from the LRU and the LRU DISCARD flag is set, but the state machine has not run yet, another thread can call fscache use cookie and begin to use it. This can lead to a kernel NULL pointer dereference when the cookie worker finally runs and withdraws the cookie. The vulnerability is fixed by clearing the LRU DISCARD bit if another thread uses the cookie before the cookie worker runs. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the `fscache use cookie` function until a patch is available. Restrict access to the vulnerable `cachefiles prepare write` function to minimize the risk of exploitation. Avoid using the `cookie lru` and `use cookie` functions in conjunction until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.