Hangyu Hua

**Name of the Vulnerable Software and Affected Versions** Windows Encrypting File System (affected versions not specified) **Description** An out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the rga probe function of the media subsystem. The issue arises when the rga probe function fails, and the rga->m2m dev is not properly freed, leading to a potential memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible out-of-bounds write in the `multiq tune()` function of the `sch multiq` component. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not required for exploitation. The vulnerability may be exploited by sending specially crafted network requests, allowing an attacker to execute arbitrary code in kernel mode. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.3.7 **Description** The issue is related to the `fl set geneve opt()` function in the `net/sched/cls flower.c` module of the Linux kernel's traffic control subsystem. It involves incorrect buffer boundary calculation during writing, which can be exploited by a remote attacker to cause a denial of service or potentially escalate privileges. The vulnerability can be triggered via `TCA FLOWER KEY ENC OPTS GENEVE` packets, affecting the flower classifier code and leading to an out-of-bounds write. **Recommendations** For Linux kernel versions prior to 6.3.7, update to version 6.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `fl set geneve opt()` function or the `TCA FLOWER KEY ENC OPTS GENEVE` packets to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.0.x **Description** A use after free issue in the Linux kernel has been resolved. The problem occurred in the m can tx handler() function, where can put echo skb() would clone and then free an skb. To fix this, the can put echo skb() call for version 3.0.x was moved directly before the start of transmission in hardware, similar to the fix in the 3.1.x branch. **Recommendations** For Linux kernel version 3.0.x, update the kernel to include the fix that moves the can put echo skb() call before the start of transmission in hardware.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue in the Linux kernel has been identified and resolved. The problem occurs in the `intel dp add mst connector()` function, where a reference count leak can happen if `drm connector init` fails. To address this, it is necessary to drop the refcount of the port before calling `intel connector free` to ensure proper cleanup. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.2.7 **Description** The issue is related to a race condition in the Linux kernel's TLS protocol implementation, specifically in the `do tls getsockopt conf()` and `do tls setsockopt conf()` functions in the `net/tls/tls main.c` module. This is due to the lack of synchronization in `do tls getsockopt conf()`, allowing for concurrent access to `ctx->crypto send.info`. Exploitation of this issue can lead to a denial of service. The `do tls getsockopt` function lacks a `lock sock` call, resulting in a race condition that can cause a use-after-free or NULL pointer dereference. **Recommendations** For Linux kernel versions prior to 6.2.7, update to version 6.2.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `net/tls/tls main.c` module to minimize the risk of exploitation. Avoid using the `do tls getsockopt` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak was found in the Linux kernel's usbip stub probe() function. The issue occurs when usb get dev() is called in stub device alloc() and stub probe() fails afterwards, requiring usb put dev() to be called to release the reference. This was fixed by moving usb put dev() to the sdev free error path handling. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions up to 5.4.214 Linux kernel versions up to 5.10.145 Linux kernel versions up to 5.15.70 Linux kernel versions up to 5.19.11 Linux kernel versions up to 6.0 **Description** The issue is related to a memory leak vulnerability in the tc new tfilter function of the Linux kernel's sched component. This vulnerability can allow an attacker to gain access to confidential information. The vulnerability is associated with the net/sched/cls api.c component and can be exploited by an attacker with local network access. **Recommendations** Upgrade the Linux kernel to a version later than 5.4.214 to patch the vulnerability. Upgrade the Linux kernel to a version later than 5.10.145 to patch the vulnerability. Upgrade the Linux kernel to a version later than 5.15.70 to patch the vulnerability. Upgrade the Linux kernel to a version later than 5.19.11 to patch the vulnerability. Upgrade the Linux kernel to a version later than 6.0 to patch the vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential refcount leak issue has been identified in the Linux kernel, specifically in the tipc sk create() function. This issue can occur when the tipc sk insert() function fails, resulting in a possible memory leak. The leak is fixed by freeing the socket (sk) in case of failure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.18.14 **Description** An issue was discovered in the Linux kernel where the `xfrm expand policies` function in `net/xfrm/xfrm policy.c` can cause a refcount to be dropped twice, potentially leading to a denial of service. This issue can be exploited by a remote attacker. **Recommendations** For Linux kernel versions through 5.18.14, as a temporary workaround, consider disabling the `xfrm expand policies` function until a patch is available. Restrict access to the `net/xfrm/xfrm policy.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the powerpc/secvar module, related to the format show() function. This leak occurs when format show() returns failure in multiple cases. The issue can be resolved through unified management of of node put. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the `ill acc of setup()` function related to the MIPS architecture and Ralink setup. The issue arises when `pdev` equals `NULL`, and `of node put(np)` is not called, leading to a resource leak. **Recommendations** For the affected Linux kernel versions, ensure that `of node put(np)` is called when `pdev` equals `NULL` in the `ill acc of setup()` function to fix the refcount leak issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak issue has been identified in the Linux kernel, specifically in the xillybus char driver. The problem arises from the use of `usb get dev` in `xillyusb probe`, which requires a corresponding call to `usb put dev` before the device `xdev` is released to prevent the leak. **Recommendations** For the affected Linux kernel version, consider applying the fix that includes calling `usb put dev` before releasing `xdev` to mitigate the refcount leak issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.15.8 **Description** The issue is related to a refcount leak in the pep sock accept function in the Linux kernel. This leak is associated with insufficient protection of internal data. Exploitation of this issue may allow an attacker to gain unauthorized access to protected information. **Recommendations** For Linux kernel versions through 5.15.8, update to a version that contains a fix for this issue to resolve the refcount leak in the pep sock accept function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.