Gao Xiang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.10.0-rc7+ **Description** The issue is related to a race condition in the `z erofs get gbuf()` function, where the current task may be migrated to another CPU between `z erofs gbuf id()` and `spin lock(&gbuf->lock)`, triggering an issue in `z erofs put gbuf()`. This was found by a stress test, which caused a kernel bug. The call trace includes functions such as `z erofs put gbuf()`, `z erofs lz4 decompress()`, `z erofs decompress queue()`, `z erofs runqueue()`, and `z erofs readahead()`. **Recommendations** To resolve the issue, update the Linux kernel to a version later than 6.10.0-rc7+. As a temporary workaround, consider disabling the `z erofs get gbuf()` function until a patch is available. Restrict access to the vulnerable `erofs` module to minimize the risk of exploitation. Avoid using the `z erofs put gbuf()` function in the affected kernel versions until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the erofs component of the Linux kernel, specifically with the LZMA global compressed deduplication feature enabled. When stressing microLZMA EROFS images, short-lived temporary pages are not properly released, which could slowly cause unexpected out-of-memory (OOM) errors hours later. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the erofs file system, specifically in the `erofs workgroup unfreeze()` function. This vulnerability can cause a race condition, allowing an attacker to potentially impact the confidentiality, integrity, and availability of protected information. The root cause is that `erofs workgroup unfreeze()` doesn't reset to `orig val`, thus causing the `pcluster` to reuse unexpectedly before freeing. This path is considered unnecessary since UP platforms are quite rare now. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer copy overflow issue has been identified in the Linux kernel, specifically in the erofs filesystem. The problem arises when the ztailpacking feature is used, causing a potential use-after-free error in the `z erofs shifted transform` function. This issue occurs because the tail pcluster may not be a complete filesystem block, leading to incorrect handling of uncompressed tail pcluster data. The error is triggered when the `memcpy` function is called, resulting in a read of size 4074 at a specific memory address. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the cachefiles module, where an in-use flag leakage could occur in certain error paths, specifically in `cachefiles open file()` and `cachefiles create tmpfile()`. This leakage could lead to an "Inode already in use" warning when another cookie with the same index key is looked up. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been resolved in the Linux kernel, specifically in the `posix acl create()` function. The leak occurs in the error paths of `nfs3 proc create()` and `nfs3 proc mknod()` when `acl` and `default acl` are not properly handled. This issue was identified during an investigation of another nfs xfstests report. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.