Linux · Linux Kernel · CVE-2024-26957
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.8.0-HF #2
**Description**
The vulnerability is caused by incorrect reference handling of the zcrypt card object in the Linux kernel's s390/zcrypt component. A card object can be released while it is still in use, producing a use-after-free condition that could potentially allow an attacker to elevate privileges on the system. The issue was identified during hot-plug tests of crypto cards on KVM guests running a debug kernel build. The reported details involve the reference-counting functions `zcrypt_card_alloc()` and `zcrypt_card_put()`, and the slab debug message reports an incorrect first byte in the freed object, which is consistent with memory corruption.
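To illustrate the bug class described above, here is an added user-space model (not the kernel's code, and not the actual CVE-2024-26957 fix) of a reference-counted card object shared between a request path and a hot-unplug path. All names (`zc_card`, `run_request`, the `freed` flag) are hypothetical; the `freed` flag stands in for the slab poison that a debug kernel checks, so a touch of a released card is reported instead of silently corrupting memory.

```c
/* Model of reference-counted crypto card objects shared between a request
 * path and a hot-unplug path. Hypothetical names; not the kernel's code. */
#include <stdio.h>
#include <string.h>

struct zc_card {
    int refcount;    /* number of owners currently holding this object */
    int freed;       /* set when the last reference drops (stands in for kfree) */
    char name[16];
};

/* Static storage so a stale pointer can still be inspected safely. */
static struct zc_card card_pool[4];

struct zc_card *zc_card_alloc(int idx, const char *name)
{
    struct zc_card *c = &card_pool[idx];
    memset(c, 0, sizeof(*c));
    strncpy(c->name, name, sizeof(c->name) - 1);
    c->refcount = 1;                 /* the bus device owns this first reference */
    return c;
}

void zc_card_get(struct zc_card *c) { c->refcount++; }

/* Drop one reference; return 1 when the object was released. */
int zc_card_put(struct zc_card *c)
{
    if (--c->refcount == 0) { c->freed = 1; return 1; }
    return 0;
}

/* Returns 0 on success, -1 when the caller touches a released card, i.e. the
 * condition a debug kernel reports as slab poison / first-byte corruption. */
int zc_card_use(const struct zc_card *c) { return c->freed ? -1 : 0; }

/* Request path. take_ref = 1 is the correct pattern: hold a reference for as
 * long as the card is in use. take_ref = 0 models an imbalance where the
 * request relies on a reference it does not own. unplug_during_request
 * models the bus dropping its reference (hot unplug) while the request runs. */
int run_request(struct zc_card *c, int take_ref, int unplug_during_request)
{
    int rc;
    if (take_ref) zc_card_get(c);
    if (unplug_during_request) zc_card_put(c);   /* hot unplug: bus reference gone */
    rc = zc_card_use(c);                         /* -1 here is the use-after-free */
    if (take_ref) zc_card_put(c);                /* last put releases the object */
    return rc;
}
```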
**Recommendations**
To resolve the issue, update the Linux kernel to a version that includes the fix for the s390/zcrypt reference counting issue, which is version 6.8.0-HF #2 or later. Ensure that all systems using the affected kernel versions are updated to prevent potential exploitation of this vulnerability.