Johannes Berg

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a null pointer dereference in the nl80211 component of the Linux kernel. If parsing fails, it can lead to a null pointer being dereferenced, potentially causing a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the wifi: iwlwifi: read txq->read ptr under lock in the Linux kernel. If `txq->read ptr` is read without a lock, it can result in reading the same value twice, then obtaining the lock, and reclaiming from there to two different places, but crucially reclaiming the same entry twice, resulting in the WARN ONCE() a little later. The fix is to read `txq->read ptr` under lock. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential sta-link leak in the mac80211 component of the Linux kernel. When a station is allocated, links are added but not set to valid yet, and if the station is removed without marking the links as valid, it may cause a leak. This could potentially allow an attacker to gain access to confidential information. The vulnerability is related to the function `sta info free()` and may be exploited to disclose information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue was found in the mac80211 code of the Linux kernel. The problem occurs in the `ieee80211 vif use reserved context()` function when the `replace state` of the new context is set to `IEEE80211 CHANCTX REPLACE NONE`. In this case, the old context is freed, but its pointer is not set to `NULL`, leading to a potential use-after-free error. This issue can be exploited when the `new ctx` replace state is not `IEEE80211 CHANCTX REPLACES OTHER`, causing the function to return without further actions, thus avoiding access to the freed `old ctx`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential NULL pointer dereference issue has been resolved in the Linux kernel, specifically in the iwlwifi mei component. The issue occurred when SKB allocation failed, and the code attempted to use a NULL pointer instead of continuing the process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue has been resolved in the Linux kernel, specifically in the mac80211 module. The issue occurred when PN checking was done for fragmentation, and the `hdr` variable was used without being necessarily valid, potentially leading to use-after-free if parts of the frame needed to be reallocated. The fix involves reloading the variable after the code that results in reallocations, if any. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.9.x through 4.10.12 **Description** The issue is caused by incorrect interaction with the CONFIG VMAP STACK option in the crypto/ccm.c driver, allowing local users to cause a denial of service, such as a system crash or memory corruption, by leveraging the use of more than one virtual page for a DMA scatterlist. This is due to a buffer overflow in memory. **Recommendations** For Linux kernel versions 4.9.x through 4.10.12, consider disabling the CONFIG VMAP STACK option as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.