Kernel Test Robot

**Name of the Vulnerable Software and Affected Versions:** Linux kernel versions prior to 6.12.0-rc6-01246-gf7f52738637f **Description:** A null-pointer dereference issue was identified in the `neigh flush dev()` function within the Linux kernel. This occurred due to a missing check when using the per-netdev neighbour list, specifically within `neigh table clear()` when called with a NULL device. The issue was initially reported by the kernel test robot and resulted in a general protection fault. **Recommendations:** Update to a version newer than 6.12.0-rc6-01246-gf7f52738637f.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns a function prototype mismatch in the `snd seq expand var event` function within the ALSA seq module of the Linux kernel. This mismatch can lead to a failure at runtime, manifesting as either a kernel panic or a thread being killed, when using Clang's kernel control flow integrity (kCFI, CONFIG CFI CLANG) to validate indirect call targets against expected function pointer prototypes. The functions `seq copy in user()` and `seq copy in kernel()` did not have prototypes matching `snd seq dump func t`, which has been adjusted and the casts removed, with no resulting binary output differences. This was discovered using Clang's new `-Wcast-function-type-strict` flag. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version that includes the fix for the md/bitmap vulnerability **Description** A vulnerability in the Linux kernel has been identified, which can cause a kernel crash when the bitmap area contains invalid data. This issue is specific to clustered environments and occurs when the kernel space handles bitmap slot information. The crash is triggered by a divide error in the `md bitmap create` function, which is called by `md bitmap read sb`. The vulnerability can be exploited by modifying the bitmap data, leading to a segmentation fault. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the md/bitmap vulnerability. As a temporary workaround, consider avoiding the use of clustered environments or restricting access to the `md bitmap create` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible null-pointer dereference in the `audit filter rules()` function. It was previously assumed that the `ctx` variable could be null, which led to the vulnerability. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to resource leaks in the `mtk phy init()` function. To fix this, `clk disable unprepare()` is used in the error path of `mtk phy init()`. This resolves some resource leaks in the Linux kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.