Linux · Linux Kernel · CVE-2024-55916
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.74
**Description**
The Linux kernel's Hyper-V utility driver (`hv_utils`) could hit a kernel NULL pointer dereference when the user-space KVP (or VSS) daemon starts before the VMBus channel's ring buffer has been initialized. The cause is an ordering problem in the driver's probe path: the device node the daemon talks to was made available before the channel was fully opened, so a daemon that is already waiting registers immediately. Its registration is handled by `kvp_register_done()`, which polls the receive channel and thereby invokes the channel callback on a ring buffer that does not exist yet, and the callback dereferences NULL. The practical effect is a kernel panic (denial of service) on the guest, typically at boot. The fix reorders the steps in `util_probe()` so that the channel is fully opened before the daemon can register, which removes the race.
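The following user-space model is an added illustration of the ordering race described above; it is not code from the advisory or from the kernel. Every `model_*` name and the `probe_before_fix()` / `probe_after_fix()` wrappers are invented here to mimic the shape of the real driver's probe sequence, the "ring buffer" is a plain array, and a NULL ring buffer is reported as a result code instead of crashing the process. The model assumes, as the advisory states, that the callback runs as a direct consequence of the daemon's registration and that the daemon registers as soon as the device appears.

```c
/*
 * Added example for CVE-2024-55916: a user-space model of the ordering race in
 * util_probe(). This is NOT kernel code; every model_* name is invented here
 * to mimic the shape of the real driver, and the "ring buffer" is a plain array.
 */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a VMBus channel: the ring buffer only exists once the channel
 * has been opened (what vmbus_open() does in the kernel). */
struct model_channel {
    unsigned char *ringbuffer;   /* NULL until model_vmbus_open() runs */
    size_t ring_size;
};

/* Stand-in for the util transport behind /dev/vmbus/hv_kvp. */
struct model_transport {
    bool device_created;
    struct model_channel *recv_channel;
};

enum probe_result { PROBE_OK = 0, PROBE_NULL_DEREF = 1 };

/* Model of the channel callback: the kernel version touches the ring buffer
 * unconditionally, so an unopened channel means a NULL dereference.
 * Here it is reported instead of crashing. */
static enum probe_result model_channel_callback(struct model_channel *ch)
{
    if (ch->ringbuffer == NULL)
        return PROBE_NULL_DEREF;      /* the real driver would panic here */
    memset(ch->ringbuffer, 0, ch->ring_size);
    return PROBE_OK;
}

/* Model of kvp_register_done(): the daemon's KVP_OP_REGISTER1 registration
 * makes the driver poll the receive channel, which runs the channel callback. */
static enum probe_result model_register_done(struct model_transport *t)
{
    return model_channel_callback(t->recv_channel);
}

/* Model of vmbus_open(): hand the channel its ring buffer. */
static void model_vmbus_open(struct model_channel *ch, unsigned char *buf, size_t n)
{
    ch->ringbuffer = buf;
    ch->ring_size = n;
}

/*
 * One probe sequence. daemon_waiting says whether hv_kvp_daemon is already
 * waiting for the device node when it appears; if so it registers at once,
 * which is the timing the advisory describes.
 */
static enum probe_result model_probe(bool open_channel_first, bool daemon_waiting)
{
    static unsigned char ring[4096];
    struct model_channel ch = { NULL, 0 };
    struct model_transport t = { false, &ch };
    enum probe_result r = PROBE_OK;

    if (open_channel_first)
        model_vmbus_open(&ch, ring, sizeof ring);

    /* Create the device node. A waiting daemon connects and registers now. */
    t.device_created = true;
    if (daemon_waiting)
        r = model_register_done(&t);

    if (!open_channel_first)
        model_vmbus_open(&ch, ring, sizeof ring);   /* too late for the callback above */

    return r;
}

/* Pre-fix ordering: device node first, channel opened afterwards. */
enum probe_result probe_before_fix(bool daemon_waiting)
{
    return model_probe(false, daemon_waiting);
}

/* Post-fix ordering: channel opened before the daemon can reach the device. */
enum probe_result probe_after_fix(bool daemon_waiting)
{
    return model_probe(true, daemon_waiting);
}

int main(void)
{
    printf("before fix, daemon already waiting: %s\n",
           probe_before_fix(true) == PROBE_NULL_DEREF ? "NULL deref" : "ok");
    printf("before fix, daemon starts later:    %s\n",
           probe_before_fix(false) == PROBE_NULL_DEREF ? "NULL deref" : "ok");
    printf("after fix,  daemon already waiting: %s\n",
           probe_after_fix(true) == PROBE_NULL_DEREF ? "NULL deref" : "ok");
    return 0;
}
```

The model makes the two practical points visible: the pre-fix ordering is only dangerous when the daemon is already waiting when the device node appears (which is why the crash shows up as a boot-time race rather than a deterministic failure), and opening the channel first removes the window entirely, which is what the `util_probe()` reordering achieves.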
**Recommendations**
For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later, which contains the reordered `util_probe()`. Distribution kernels may carry the same backport under a different version number; check your vendor's advisory for CVE-2024-55916.
`kvp_register_done()` is an internal kernel function with no configuration switch, so it cannot be "disabled" as a workaround. Until the fixed kernel is installed, the only way to avoid the race is to avoid the triggering condition the advisory describes: do not let `hv_kvp_daemon` (or `hv_vss_daemon`) be waiting on the device when `hv_utils` probes, for example by starting the daemons only after the driver has finished loading, or by leaving them stopped until the kernel is updated.
Keep `/dev/vmbus/hv_kvp` (and `/dev/vmbus/hv_vss`) restricted to root, which is the default; this limits who can register with the driver, but it does not address the race itself, since the trigger is the legitimate daemon starting at the wrong moment.
`KVP_OP_REGISTER1` is the registration message `hv_kvp_daemon` sends when it connects to the device. It is part of the daemon's protocol and cannot be left out while the daemon runs, so stopping or delaying the daemon is the only way to keep it from being sent before the channel is open.