Jens Axboe

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where the `bfq merge bio()` function can operate with stale cgroup information when a process is migrated to a different cgroup. This can lead to the bio being merged to a request from a different cgroup, or the merging of `bfqqs` for different cgroups, potentially causing use-after-free issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference issue has been resolved in the Linux kernel. The problem occurred when the `acpi dev put()` function was called on a possibly NULL pointer, which was not handled correctly by the helper inline function. This issue was caused by a change in the `for each acpi dev match()` function. To fix this, the `acpi dev put()` function has been modified to silently accept a NULL pointer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the io uring feature in the Linux kernel, where the function `io uring cancel sqpoll()` is intended to cancel all requests of a specified context. However, it uses per-task counters to track the number of inflight requests, which can lead to the function going to sleep waiting for requests to appear that will never happen. This can cause the task to hang. The issue affects contexts that share sqpoll and continue to use shared counters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.