Jiasheng Jiang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the clk-mt2701 component of the Linux kernel. This could allow an attacker to cause a denial of service. The problem is addressed by adding a check for the return value of `mtk alloc clk data()` to prevent the NULL pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the Linux kernel, specifically in the fs/pstore/platform.c component. This can be caused by the lack of a check for the return value of the `kstrdup()` function, which can lead to a NULL pointer dereference if it fails. The exploitation of this issue can result in a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 3.0 **Description** An issue was discovered in the FFmpeg package, where the `vp3 decode frame` function in `libavcodec/vp3.c` lacks a check of the return value of `av malloc()`, which will cause a null pointer dereference. This impacts availability and potentially confidentiality. The issue can be exploited by a remote attacker to cause a denial of service. **Recommendations** For FFmpeg versions prior to 3.0, consider updating to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the `vp3 decode frame` function in `libavcodec/vp3.c` to minimize the risk of exploitation. Additionally, ensure that error handling for memory allocation is properly implemented to prevent similar issues.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16-rc6 **Description** An issue was discovered in the Linux kernel where the `imx register uart clocks` function in `drivers/clk/imx/clk.c` lacks a check of the return value of `kcalloc()`, leading to a null pointer dereference. This could allow an attacker to cause a denial of service or potentially elevate their privileges. **Recommendations** For Linux kernel versions prior to 5.16-rc6, consider applying a patch that adds a check for the return value of `kcalloc()` in the `imx register uart clocks` function to prevent null pointer dereferences. As a temporary workaround, restricting access to the `imx register uart clocks` function may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16-rc6 **Description** The issue is related to the `lkdtm ARRAY BOUNDS` function in the `drivers/misc/lkdtm/bugs.c` module of the Linux kernel. It lacks a check of the return value of `kmalloc()` and will cause a null pointer dereference. This can lead to a denial of service or potentially allow an attacker to elevate their privileges. **Recommendations** For Linux kernel versions prior to 5.16-rc6, consider disabling the `lkdtm ARRAY BOUNDS` function in the `drivers/misc/lkdtm/bugs.c` module as a temporary workaround until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the `kmalloc()` function in the affected module until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

[Content removed]

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue in the Linux kernel is related to the function ` rtw init xmit priv` in the `drivers/staging/r8188eu/core/rtw xmit.c` module, which lacks a check of the return value of `rtw alloc hwxmits()`. This will cause a null pointer dereference. The issue may allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the ` rtw init xmit priv` function in the `drivers/staging/r8188eu/core/rtw xmit.c` module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue was discovered in the Linux kernel related to the function `free charger irq()` in the module `drivers/power/supply/wm8350 power.c`. This issue is associated with a pointer dereference error. The exploitation of this issue may allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the `free charger irq()` function until a patch is available. Restrict access to the `wm8350 power` module to minimize the risk of exploitation. Avoid using the `WM8350 IRQ CHG FAST RDY` variable in the affected code until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue was discovered in the Linux kernel where the function `kfd parse subtype iolink` in the module `drivers/gpu/drm/amd/amdkfd/kfd crat.c` lacks a check of the return value of the function `kmemdup()`. This issue can be exploited to cause a denial of service or potentially elevate privileges. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the `kfd parse subtype iolink` function until a patch is available. Restrict access to the vulnerable module `drivers/gpu/drm/amd/amdkfd/kfd crat.c` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue was discovered in the Linux kernel where the `uapi finalize` function in `drivers/infiniband/core/uverbs uapi.c` lacks a check of `kmalloc array()`. This issue is related to a pointer dereference error. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the `uapi finalize()` function until a patch is available. Restrict access to the `drivers/infiniband/core/uverbs uapi.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16-rc6 **Description** The issue is related to the ef100 update stats function in the drivers/net/ethernet/sfc/ef100 nic.c module of the Linux kernel, which lacks a check of the return value of `kmalloc()`. This can lead to a pointer dereference error. Exploitation of this issue may allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions prior to 5.16-rc6, consider disabling the `ef100 update stats` function as a temporary workaround until a patch is available. Restrict access to the vulnerable module `ef100 nic.c` to minimize the risk of exploitation. Avoid using the `kmalloc()` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue in the Linux kernel is related to the function `mtk vcodec fw vpu init()` in the module `drivers/media/platform/mtk-vcodec/mtk vcodec fw vpu.c`, which lacks a check of the return value of `devm kzalloc()` and will cause a null pointer dereference. This can potentially allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the `mtk vcodec fw vpu init()` function until a patch is available. Restrict access to the vulnerable module `mtk-vcodec` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.16-rc6 **Description** An issue was discovered in the Linux kernel where the `malidp crtc reset` function in `drivers/gpu/drm/arm/malidp crtc.c` lacks a check of the return value of `kzalloc()`, leading to a null pointer dereference. This could allow an attacker to cause a denial of service or elevate their privileges. **Recommendations** For Linux kernel versions through 5.16-rc6, as a temporary workaround, consider disabling the `malidp crtc reset` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.