Harshit Mogalapalli

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A synchronization issue in the Linux kernel's md-bitmap component can cause a general protection fault, leading to a kernel crash. The problem occurs when the `bitmap get stats()` function is called while the bitmap is being destroyed or not fully initialized, resulting in a dereference of an invalid bitmap pointer. This issue was exacerbated by a previous commit that started dereferencing `bitmap->storage`, making the problem easier to trigger. **Recommendations** To resolve this issue, protect the `bitmap get stats()` function with `bitmap info.mutex` to prevent concurrent access and potential crashes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the Linux kernel, specifically the think-lmi platform, where the password opcode ordering for workstations has been fixed. The Lenovo workstations require the password opcode to be run before the attribute value is changed, if the Admin password is enabled. This fix has been tested on some Thinkpads to confirm they are okay with this order. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the i915 perf interface of the Linux kernel. When the i915 perf interface is not available, dereferencing it will lead to NULL dereferences. The problem can cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential buffer overflow issue has been identified in the Linux kernel, specifically in the handling of symlinks by the cifs module. The problem arises because the `link len` value, which is obtained from `sscanf()`, is marked as untrusted by Smatch. This could lead to a buffer overflow when `link len` exceeds the size of the `link str` buffer. A check has been added to ensure `link len` does not exceed the size of the `link str` buffer. **Recommendations** For the Linux kernel, apply the patch that adds a check to ensure `link len` is not larger than the size of the `link str` buffer to prevent potential buffer overflow issues.