Dmitry Osipenko

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises from the potential invocation of `rk hdptx phy runtime resume()` before `platform set drvdata()` is executed in the `->probe()` function, leading to a NULL pointer dereference when using the return of `dev get drvdata()`. This occurs in the Linux kernel, specifically in the phy: rockchip: samsung-hdptx component. The problem is resolved by ensuring that `platform set drvdata()` is called before `devm pm runtime enable()`. **Recommendations** Ensure `platform set drvdata()` is called before `devm pm runtime enable()` to prevent the NULL pointer dereference. As a temporary workaround, consider restricting the use of the `rk hdptx phy runtime resume()` function until the issue is fully resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to out-of-bounds memory accesses in the hdmi-codec driver of the Linux kernel. This is caused by an incorrect size of the iec status array, which is fixed by changing it to the size of the status array of the struct snd aes iec958. The problem was reported by KASAN and can lead to out-of-bounds slab read accesses made by memcpy() of the hdmi-codec driver. Exploitation of this issue may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where calling the madvise IOCTL twice on a Buffer Object (BO) causes memory shrinker list corruption, leading to kernel crashes. This occurs because the BO is added to the list again while it is already present, instead of being removed before re-addition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an integer overflow/underflow in hysteresis calculations in the Linux kernel's hwmon component, specifically in the lm90 module. This occurs when setting the hysteresis value to MAX LONG and the critical temperature limit is negative. The problem was addressed by using the clamp val() function to prevent overflow or underflow when setting the hysteresis temperature. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.