Francesco Dolcini

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns an information leak in the triggered buffer of the Linux kernel's ti-ads1119 ADC driver. The `scan` local struct, used to push data to user space, contains an uninitialized hole between the sample and the timestamp. This hole is never initialized, allowing uninitialized information to be pushed to userspace. The fix involves initializing the struct to zero before using it. **Recommendations** Initialize the `scan` struct to zero before using it to avoid pushing uninitialized information to userspace. As a temporary workaround, consider restricting access to the triggered buffer in the ti-ads1119 ADC driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 **Description** A vulnerability in the Linux kernel has been resolved, related to the pmdomain: imx: gpcv2: Adjust delay after power up handshake. The udelay(5) is not enough, sometimes causing a kernel panic still to be triggered. The correct way is to wait for the handshake, but it needs the BUS clock of BLK-CTL to be enabled, which is in a separate driver. So, delay is the only option here. The udelay(10) is a data obtained through experiment. **Recommendations** To resolve the issue for Linux kernel versions prior to 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956, update to a version that includes the fix for the pmdomain: imx: gpcv2: Adjust delay after power up handshake. As a temporary workaround, consider increasing the delay after power up handshake to udelay(10) to minimize the risk of kernel panic.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's mmc core component, where a negative index can be accessed with an array. This occurs because the iterator `i` is not checked to be greater than zero before assigning `prev idata = idatas[i - 1]`. The vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.