Linux · Linux Kernel · CVE-2022-49299
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 5.18.0-rc5-next-20220504
**Description**
A vulnerability has been identified in the Linux kernel in which the UDC driver incorrectly resets the gadget driver's internals, specifically the `driver->bus` entry. The reset became a problem after a change in the gadget subsystem introduced the subsystem's own bus. With `driver->bus` reset, a NULL pointer is dereferenced when the `module_add_driver` function is called, and the kernel panics.
**Recommendations**
For Linux kernel versions prior to 5.18.0-rc5-next-20220504, the recommended fix is to remove the `driver->bus` entry reset in the UDC driver to prevent the NULL pointer dereference. This can be achieved by modifying the `dwc2` gadget driver to avoid touching the gadget's driver internals, especially the `driver->bus` entry. As a temporary workaround, consider disabling the `dwc2` gadget driver until a patch is available.
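Whether the workaround above is usable depends on how `dwc2` is built. The following added example (not part of the advisory or of the kernel project) reads a kernel `.config` on stdin and classifies it. It assumes the Kconfig symbols `CONFIG_USB_DWC2`, `CONFIG_USB_DWC2_PERIPHERAL` and `CONFIG_USB_DWC2_DUAL_ROLE` from mainline `drivers/usb/dwc2/Kconfig`, and that the gadget code is compiled only in peripheral or dual-role mode; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how the dwc2 gadget (UDC) code is built in a kernel
# config read from stdin, to decide whether disabling the driver is possible.
# Assumption: Kconfig symbol names as in mainline drivers/usb/dwc2/Kconfig.

# kval CONFIG_TEXT SYMBOL -> prints y or m, or nothing when the symbol is unset
kval() {
    printf '%s\n' "$1" | sed -n "s/^$2=\([ym]\)\$/\1/p" | head -n 1
}

dwc2_gadget_exposure() {
    cfg=$(cat)
    core=$(kval "$cfg" CONFIG_USB_DWC2)
    if [ -z "$core" ]; then
        echo absent            # dwc2 is not built at all
        return 0
    fi
    periph=$(kval "$cfg" CONFIG_USB_DWC2_PERIPHERAL)
    dual=$(kval "$cfg" CONFIG_USB_DWC2_DUAL_ROLE)
    if [ -z "$periph" ] && [ -z "$dual" ]; then
        echo host-only         # assumed: gadget code is not compiled in this mode
    elif [ "$core" = m ]; then
        echo gadget-module     # can be unloaded or blacklisted via modprobe.d
    else
        echo gadget-builtin    # cannot be unloaded; needs a patched or rebuilt kernel
    fi
}

# Constructed sample input, not taken from a real system.
sample_config() {
    cat <<'EOF'
CONFIG_USB_DWC2=m
# CONFIG_USB_DWC2_HOST is not set
# CONFIG_USB_DWC2_PERIPHERAL is not set
CONFIG_USB_DWC2_DUAL_ROLE=y
EOF
}

sample_config | dwc2_gadget_exposure
```

On a running system the input can come from `/boot/config-$(uname -r)` or, where available, `zcat /proc/config.gz`.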