Konrad Dybcio

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A race condition exists between the pwrctl platform device rescanning the bus and host controller probe functions when adding PCI power control code. This can lead to an undefined state with two incompletely added devices, resulting in a crash when trying to remove the device over sysfs, causing a kernel NULL pointer dereference. The issue is related to the `pci remove resource files` and `pci remove sysfs dev files` functions, and the `kernfs find ns` and `kernfs remove by name ns` functions are also involved in the call trace. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue arises from the Linux kernel's handling of GPU device initialization, specifically in the `drm/msm/adreno` component. In certain cases, such as when speedbin data is present in the catalog but `opp-supported-hw` is missing in the device tree, the `msm gpu cleanup()` function is called with `gpu->pdev` equal to `NULL`. This occurs because the GPU device has not been fully initialized. Assigning `msm gpu->pdev` earlier is considered the least painful solution to avoid `nullptr` dereferences. Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider modifying the kernel code to assign `msm gpu->pdev` earlier in the initialization process to avoid `nullptr` dereferences. Restrict access to the vulnerable `drm/msm/adreno` component to minimize the risk of exploitation until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a nullptr dereference in the Linux kernel's drm/msm/a6xx component when the speedbin setting fails. This occurs when `a6xx destroy()` is called before `adreno gpu init()`, leading to a null pointer dereference in `msm gpu cleanup()` due to `gpu->pdev` being assigned only in `a6xx gpu init()`. The problem is resolved by explicitly de-allocating the LLC data and freeing `a6xx gpu` instead of relying on null checks. There is no information provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.37 **Description** The issue is related to the thermal drivers in the Linux kernel, specifically the qcom/lmh driver. A check for SCM availability was not performed, leading to possible null pointer dereferences. This issue has been resolved by adding the necessary check. **Recommendations** Update to Linux kernel version 6.6.37 or later to resolve the issue. As a temporary workaround, consider disabling the thermal drivers until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the affected driver until the issue is resolved.