Lei Lu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The `nfsd4 setclientid confirm()` function did not check the return value from `get client locked()`. A `SETCLIENTID CONFIRM` operation could race with a confirmed client expiring, failing to obtain a reference, and potentially leading to a use-after-free (UAF) condition. The issue was addressed by obtaining a reference early in the case of an existing confirmed client and handling failures appropriately. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel, where a vulnerability has been resolved by adding sanity checks for `xfs dir2 data unused` and `xfs dir2 data entry` to prevent accessing memory beyond valid regions. Before the patch, a crafted image could lead to an out-of-bounds read when accessing fixed members. The patch ensures that the remaining bytes are large enough to hold an unused entry or a dirent with a single-byte name before accessing these variables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a lack of verification of the space occupied by fixed members of `xlog op header` in the `xlog recover process data` function. This can be exploited by creating a crafted image to trigger an out of bounds read. The exploitation involves several steps, including mounting an image of xfs, performing file operations, and modifying the image to simulate abnormal exit conditions. Technical details include modifying `xlog rec header->h num logops` and `xlog rec header->h crc` to create a vulnerable scenario. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a function in the Linux kernel's NTFS3 file system module, specifically the `log replay()` function in `fs/ntfs3/fslog.c`, which is associated with reading memory beyond the allocated buffer. This could potentially impact the confidentiality and availability of protected information. The vulnerability has been resolved by adding checks for `attr names` and `oatbl` and implementing out-of-bound checking for `*ane` (ATTR NAME ENTRY) in the `fs/ntfs3` module. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a strict bound check before memcmp in the ocfs2 xattr find entry() function. The xattr in ocfs2 may be 'non-indexed', which is saved with additional space requested. It's better to check if the memory is out of bound before memcmp, although this possibility mainly comes from crafted poisonous images. The vulnerability is associated with reading memory beyond the allocated buffer, which could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.58 **Description** The issue is related to the ocfs2 xattr find entry() function in the Linux kernel's ocfs2 file system module, which is vulnerable to out-of-bounds memory access. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be exploited by crafted images, and a paranoia check has been added to prevent out-of-bound access. **Recommendations** For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the ocfs2 file system module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.9 **Description** The issue is related to the btrfs file system in the Linux kernel. It was discovered that the kernel did not properly set the WRITTEN flag on all metadata blocks, which could lead to corruption on disk and out-of-bounds access. This was reported by KASAN as a wild-memory-access. The vulnerability was hit on a crafted image tweaking the WRITTEN bit. **Recommendations** To resolve the issue, upgrade the Linux kernel to version 6.8.9 or later. This will ensure that the WRITTEN flag is properly set on all metadata blocks, preventing potential corruption and out-of-bounds access.