Linus Torvalds

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to the netfilter component of the Linux kernel, specifically with the nf tables subsystem. The problem arises from the conditional validation of NFT DATA VALUE when storing data in registers. Since the datatype is always either NFT DATA VALUE or NFT DATA VERDICT, a new helper function can infer the register type from the set datatype, allowing the removal of the conditional check. Without this fix, a pointer to a chain object can be leaked through the registers, potentially leading to information disclosure. This vulnerability allows local attackers to disclose sensitive information on affected installations of the Linux Kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8 **Description** The Linux kernel has a vulnerability that can cause rare kernel crashes due to bad page status error messages. This issue is caused by a race condition between thread A allocating an extent buffer and thread B releasing a page, leading to a refcount underflow and eventually causing a BUG ON() on the page->mapping. The condition is not easy to hit and requires specific circumstances, such as the release being triggered for the middle page of an extent buffer. The vulnerability was introduced by a commit that changed the sequence of allocating a new extent buffer. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix, which moves all the code requiring i private lock into attach eb folio to filemap(), ensuring proper lock protection. Additionally, an extra lockdep assert locked() has been added to prevent future problems. As a temporary workaround, consider disabling the `alloc extent buffer()` function until a patch is available. Restrict access to the vulnerable `btrfs` module to minimize the risk of exploitation. Avoid using the `folio detach private()` function in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.26/5.16.12 **Description** The issue is related to a race condition in the `sched fork()` function, which can be exploited to gain elevated privileges on vulnerable systems. This occurs because a task is not placed on the runqueue before it gets exposed through the pidhash, allowing for a race vs syscalls. The commits 4ef0c5c6b5ba and 13765de8148f are related to fixing this issue, with the latter trying to fix a single instance of the problem but instead fixing the whole class of issues. **Recommendations** To resolve the issue, upgrade the affected Linux kernel versions to 5.15.26/5.16.12 or later. As a temporary workaround, consider restricting access to the vulnerable `sched fork()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Linux versions 2.4 and 2.5 Description: The kernel strncpy function does not %NUL pad the buffer on architectures other than x86, contrary to the expected behavior of strncpy as implemented in libc. This discrepancy could lead to information leaks. Recommendations: For Linux versions 2.4 and 2.5, consider applying a patch or modification to the kernel strncpy function to ensure %NUL padding of the buffer on all architectures. At the moment, there is no information about a newer version that contains a fix for this vulnerability.