Light Hsieh

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential use-after-free in the `posix lock inode` function. A KASAN UAF warning was reported in `trace posix lock inode()`, where the request pointer had been changed to point to a lock entry that was added to the inode's list, but before the tracepoint could fire, another task freed that lock. This is a race condition that could allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's f2fs file system, where shutdown does not check the error of thaw super due to readonly, causing a deadlock. The deadlock occurs when f2fs ioc shutdown is called with F2FS GOING DOWN FULLSYNC, leading to a series of function calls that result in a wait for kthread stop(discard thread). Technical details about the issue include the involvement of functions such as f2fs stop checkpoint, f2fs handle critical error, and thaw super locked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.