Erhard Furtner

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13 Description: A vulnerability has been resolved in the Linux kernel related to the powerpc/code-patching infrastructure. The issue was reported by Erhard while booting a PowerMac G4 with a KASAN-enabled kernel 6.13-rc6, resulting in a KASAN hit. The problem occurs because the text patching area is flagged as VM ALLOC, which is meant for vmalloc() allocated memory. However, the area allocated by text area cpu up() is not vmalloc memory and is mapped directly on demand when needed by map kernel page(). The fix involves not flagging the text patching area as VM ALLOC, allowing the area to be unpoisoned and usable immediately. Recommendations: For Linux kernel versions prior to 6.13, update to version 6.13 or later to resolve the issue. As a temporary workaround, consider disabling the text patching infrastructure until a patch is available. Restrict access to the vulnerable area to minimize the risk of exploitation. Avoid using the affected kernel functions until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been fixed involving drm/radeon, related to the encoder's possible clones setting. In the past, nothing validated that drivers were populating possible clones correctly, but that changed in commit 74d2aacbe840. The radeon driver was not following the rules correctly, resulting in warnings during driver initialization. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `gem poll controller()` function, which disables interrupts and may cause the system to sleep. However, sleeping is not allowed in `netpoll`, as it has interrupts disabled completely. The `gem poll controller()` function does not poll completions and instead acts as if an interrupt has fired, scheduling NAPI and exiting. This behavior has been unnecessary for years since `netpoll` invokes NAPI directly. The vulnerability has been resolved by removing the `.ndo poll controller` to avoid deadlocks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the nct6775 component of the Linux kernel, which is associated with errors reading beyond the buffer boundaries. This can result in access errors being reported if KASAN is enabled. The problem arises because the number of temperature configuration registers does not always match the total number of temperature registers. There is a global-out-of-bounds error in the `nct6775 probe` function. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.