Gaosheng Cui

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A possible memory leak has been identified in the `allocate buffers internal()` function. The issue arises when the buffer in the loop is not released under the exception path, potentially leading to a memory leak. To mitigate this, it is recommended to free the buffer when `allegro alloc buffer` fails. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** To resolve the issue, ensure that the buffer is freed when `allegro alloc buffer` fails. As a temporary workaround, consider implementing a check to release the buffer under the exception path in the `allocate buffers internal()` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.1.0-rc6 **Description** The issue is related to a null pointer dereference in the Linux kernel's tty component, specifically in the `spk ttyio release` function. This can occur when the `speakup audptr` module is removed while the `in synth->dev` device is not initialized, leading to a kernel crash. The vulnerability can be exploited to cause a denial of service. Technical details include the `spk ttyio release` function and the `synth release` function, which are involved in the vulnerability. The `mutex lock` function is also mentioned as part of the call trace. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the null pointer dereference in the `spk ttyio release` function. As a temporary workaround, consider disabling the `speakup audptr` module to prevent the vulnerability from being exploited.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `ibmpex register bmc()` function in the `drivers/hwmon/ibmpex.c` module of the Linux kernel, which is associated with the reuse of previously freed memory. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The problem occurs when `ibmpex find sensors()` fails in `ibmpex register bmc()`, causing data to be freed but not removed from `driver data.bmc data`, potentially leading to a use-after-free (UAF) condition during list traversal. **Recommendations** To resolve the issue, remove the `data->list` from `driver data.bmc data` before freeing the data in the `ibmpex register bmc()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the audit queue handling in the Linux kernel. If the audit daemon gets stuck in a stopped state, the kernel's kauditd thread() could get blocked attempting to send audit records to the userspace audit daemon. This could cause the audit queue to grow unbounded, potentially leading to a deadlock state. The problem is resolved by lowering the kernel thread's socket sending timeout and tweaking the kauditd send queue() function to better manage the audit queues when connection problems occur. With this patch, the backlog may temporarily grow beyond the defined limits when the audit daemon is stopped and the system is under heavy audit pressure, but kauditd thread() will continue to make progress and drain the queues as it would for other connection problems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.