Hao Sun

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the Linux kernel's khugepaged component, which is responsible for managing huge pages. The read-only THP (Transparent Huge Pages) for filesystems can collapse THP for files opened readonly and mapped with VM EXEC, but it does not restrict file types. This can cause bugs if a THP is collapsed for a non-regular file, such as a block device, when it is opened readonly and mapped with EXEC permission. The intended use case is to avoid TLB misses for large text segments, but the current implementation may lead to issues. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's handling of uninitialized stack memory. Privileged programs are supposed to be able to read this memory, but before the patch, these accesses were permitted inconsistently. The patch fixes this by allowing these accesses and also fixes the tracking of the stack size for variable-offset reads. This could have led to a program verifying but then attempting to read out-of-bounds data at runtime because a too small stack had been allocated for it. The `check stack slot within bounds()` and `check stack range initialized()` functions were affected. The patch centralizes the tracking of stack size in `grow stack state()` and lifts the calls to `grow stack state()` to `check stack access within bounds()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel NILFS file system (affected versions not specified) **Description** The issue is related to a use after free flaw in the Linux kernel NILFS file system. This flaw can be triggered when a user causes the `security inode alloc` function to fail, followed by a call to the `nilfs mdt destroy` function. A local user could exploit this issue to crash the system or potentially escalate their privileges. The exploitation may also allow an attacker to access confidential data, compromise their integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue was found in the Linux kernel's block invalidatepage function in fs/buffer.c in the filesystem. The problem is related to a missing sanity check, which may allow a local attacker with user privilege to cause a denial of service problem. The exploitation of this issue can lead to a disruption in service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw in the btrfs alloc tree b function in the Linux kernel's btrfs file system, specifically in fs/btrfs/extent-tree.c, is due to an improper lock operation. This issue can cause a denial of service (DOS) due to a deadlock problem, potentially allowing a user with local privileges to exploit it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15 rc7 **Description** The issue is related to incomplete cleanup of temporary or auxiliary resources in the arch/x86/kvm/lapic.c component of the Kernel-based Virtual Machine (KVM) subsystem in the Linux kernel. This can lead to a denial of service when a failure allocation is detected, causing the KVM subsystem to crash the kernel due to mishandling of memory errors during VCPU construction. An attacker with special user privileges can exploit this to cause a denial of service. **Recommendations** For Linux kernel versions prior to 5.15 rc7, update to version 5.15 rc7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free flaw was found in the `add partition` function in the Linux kernel, specifically in the `block/partitions/core.c` file. This issue can be exploited by a local attacker with user privileges to cause a denial of service on the system. The problem arises from the lack of proper code cleanup when the `device add` call fails during the addition of a partition to the disk. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the KVM (Kernel-based Virtual Machine) subsystem in the Linux kernel. It involves a problem with the `kvm io bus unregister dev()` function, which can lead to a deleted list entry dereference when attempting to continue iterating on `coalesced zones` after future entries have been deleted. This can occur if `unregister dev()` destroys all devices except the target device without informing the caller, resulting in a potential crash or other unintended behavior. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.