Jiawei Ye

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A potential RCU dereference issue was identified in the `mac802154 scan worker` function. The `scan req->type` field was accessed after the RCU read-side critical section was unlocked, which is against RCU usage rules and can lead to unpredictable behavior, such as accessing memory that has been updated or causing use-after-free issues. This issue was detected using a static analysis tool designed to detect RCU-related problems. To fix this, the `scan req->type` value is now stored in a local variable `scan req type` while still within the RCU read-side critical section, ensuring safe access to the type value without violating RCU rules. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.58 **Description** A potential RCU dereference issue was identified in the `wilc parse join bss param` function, where the TSF field of the `ies` structure is accessed after the RCU read-side critical section is unlocked. This can lead to unpredictable behavior, including accessing memory that has been updated or causing use-after-free issues. The issue was detected using a static analysis tool designed to identify RCU-related problems. To address this, the TSF value is now stored in a local variable `ies tsf` before the RCU lock is released, ensuring safe access to the TSF value. **Recommendations** For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider applying the fix manually by storing the TSF value in a local variable before releasing the RCU lock, similar to the solution implemented in version 6.6.58.