Jean-Philippe Brucker

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue in the Linux kernel has been identified, specifically in the io/mm/arm-smmu-v3-sva component. The problem arises from calling `arm64 mm context put()` without holding a reference to the `mm`, which can lead to the `mm` being freed prematurely. To address this, `mmgrab()` and `mmdrop()` are used to ensure the `mm` is only freed after the ASID has been unpinned. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue occurs when using page pool with page fragments in the Linux kernel. This problem arises during normal RX in the hns3 driver, where a page reference is dropped twice, resulting in an underflow. The issue is caused by incorrect coalescing logic in the `skb try coalesce()` function, which takes a page reference to a page instead of increasing the page pool frag reference. This can lead to IOMMU faults or silent memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.