Marek Vasut

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, which was causing a system hang. The issue occurred when the `ks8851 irq()` thread called `ks8851 rx pkts()` and subsequently `netif rx()`, leading to a deadlock situation. The `local bh enable()` function may call `do softirq()` to run softirqs, one of which is `net rx action`, ultimately reaching the driver's `.start xmit` callback and causing the system to hang. The hang happens because `ks8851 irq()` first locks a spinlock in `ks8851 par.c` and then calls `netif rx()`, which attempts to claim the already locked spinlock again. To fix this, the `do softirq()` call is moved outside of the spinlock protected section of `ks8851 irq()` by disabling BHs around the entire spinlock protected section, allowing `do softirq()` to trigger without the spinlock being held. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the ASoC component in the Linux kernel, specifically with the function `snd soc put volsw()`. The problem arises because the limits of the control can be signed integers, and the `$min` value can be non-zero and less than zero. To correctly validate `$val`/`$val2` against `platform max`, the `$min` offset needs to be added to `val` first. This issue can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference crash that occurs when unloading the driver. Specifically, `mxsfb->crtc.funcs` may already be NULL when unloading, leading to a NULL pointer dereference when calling `mxsfb irq disable()` via `drm irq uninstall()` from `mxsfb unload()`. To resolve this, the fix uses `mxsfb->base` to clear and mask the IRQ, as it remains valid. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.