Luis Henriques

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.10.0+ Description: A problem was fixed in the Linux kernel involving a bug in the ext4 fast-commit replay path. This issue can be triggered with fstest generic/629 on a filesystem with the fast-commit feature enabled, resulting in a kernel trace. The code attempts to lock an uninitialized spinlock `sbi->s bdev wb lock` in the `ext4 check bdev write error()` function. Moving the initialization of this spinlock to an earlier point in ` ext4 fill super()` fixes the issue. Recommendations: To resolve the issue, update the Linux kernel to a version that includes the fix for the uninitialized lock in the ext4 fast-commit replay path. As a temporary workaround, consider disabling the fast-commit feature on affected filesystems until a patch is available. Restrict access to the vulnerable `ext4 check bdev write error()` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the `virtio fs probe()` function when the same tag is passed twice to qemu, causing kmemleak to report a memory leak in virtiofs. The error is indicated by a log message stating "virtiofs: probe of virtio5 failed with error -17". The vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.