Huai-Yuan Liu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been resolved in the Linux kernel. The issue occurs in the `lpfc xcvr data show` function, where a memory allocation with `kmalloc` might fail, making `rdp context` a null pointer. This leads to dereferencing operations on the null pointer, resulting in a null pointer dereference. To fix this issue, a null pointer check should be added, and if the pointer is null, `scnprintf` should be used to notify the user and return the length. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `register device` function in the Linux kernel, where the return value of `ida simple get` is unchecked, leading to the use of an invalid index value. This can cause the kernel to access memory outside the allocated buffer, potentially affecting confidentiality, integrity, and availability of protected information. To address this issue, the index should be checked after `ida simple get`, and when the index value is abnormal, a warning message should be printed, the port should be dropped, and the value should be recorded. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible null pointer dereference in the `malidp mw connector reset` function. In this function, new memory is allocated with `kzalloc`, but no check is performed to prevent null pointer dereferencing. To prevent this, it is necessary to check `mw state` before calling ` drm atomic helper connector reset`. This could potentially allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential null pointer dereference in the `pci1xxx spi probe` function, which may be caused by a failed memory allocation by the `devm kzalloc` function. To fix this issue, a null pointer check needs to be added to prevent null pointer dereferencing later in the code. The memory allocated by `devm kzalloc` will be automatically released. **Recommendations** To resolve the issue, check `spi bus->spi int[iter]` and directly return `-ENOMEM` without worrying about memory leaks. As a temporary workaround, consider adding a null pointer check in the `pci1xxx spi probe` function to prevent null pointer dereferencing.

**Name of the Vulnerable Software and Affected Versions** ACPI (affected versions not specified) **Description** The memory allocation function `ACPI ALLOCATE ZEROED` does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. **Recommendations** To fix this issue, a null pointer check should be added. If it is null, return exception code `AE NO MEMORY`.