Jay Shin

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.13.0-rc7 **Description** A vulnerability in the Linux kernel has been resolved, which occurred when the NETWORK INTERFACE INFO::LinkSpeed was not set by the server, causing the client to handle any values and potentially leading to a divide error. The issue was fixed by setting cifs server iface::speed to a default value of 1Gbps when the link speed is unset. **Recommendations** For Linux kernel versions prior to 6.13.0-rc7, set cifs server iface::speed to a sane value, such as 1Gbps, by default when link speed is unset to prevent the divide error.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a double free of `TCP Server Info::hostname` in the Linux kernel's smb client. When shutting down the server in `cifs put tcp session()`, the cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit the loop, so `@server->hostname` can't be freed as long as the cifsd thread isn't done. This can lead to a denial of service. The ` reconnect target unlocked()` function and `reconnect dfs server()` function are involved in the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue has been reported in the Linux kernel, specifically in the SMB client, when using SMB2.1 + sign mounts. This occurs due to a race condition between tasks A and B, where `cifs mount()` and `cifs send recv()` are executed concurrently, leading to the use-after-free of the `@ses->auth key.response` key. The issue is resolved by ensuring that a valid `@ses->auth key.response` is available by checking the `@ses->ses status` with `@ses->ses lock` held. **Recommendations** To resolve this issue, ensure that the Linux kernel is updated to a version that includes the fix for the use-after-free issue in the SMB client. As a temporary workaround, consider restricting access to the SMB client until a patch is available. Additionally, ensure that the `@ses->ses status` is checked with `@ses->ses lock` held to prevent the use-after-free of the `@ses->auth key.response` key.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the blkgs destruction path in block/blk-cgroup.c, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, `cgroup rstat flush()` is only called at `css release work fn()`, which is called when the `blkcg` reference count reaches 0. This circular dependency will prevent `blkcg` and some `blkgs` from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.9-rc2 **Description** A memory out-of-bounds read flaw was found in the way the Linux kernel accesses a directory with broken indexing using the ext3/ext4 file system. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. **Recommendations** For Linux kernel versions prior to 5.9-rc2, update to version 5.9-rc2 or later to resolve the issue.