Giovanni Cabiddu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the crypto component of the Linux kernel, specifically in the qat (Quick Assist Technology) module. The problem arises when using `completion done` to determine if the caller has gone away, which only works after a complete call. Additionally, there's a possibility that the caller has not yet called `wait for completion`, resulting in another potential use-after-free (UAF). The fix involves making the caller use `cancel work sync` and then freeing the memory safely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential integer underflow issue has been identified in the Linux kernel's crypto subsystem, specifically in the QAT (Quick Assist Technology) module when handling RSA requests. This issue could occur when copying the source scatterlist into a linear buffer, potentially leading to problems if the source buffer is larger than the key size. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential integer underflow issue has been identified in the Linux kernel's crypto subsystem, specifically in the QAT (Quick Assist Technology) module. This issue could occur when handling requests with a source buffer larger than the key size, potentially leading to problems when copying the source scatterlist into a linear buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.