Mikhail Gavrilov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.0-10-133577cad6bf48e5a7848c4338124081393bfe8a+ #759 **Description** A vulnerability in the Linux kernel has been resolved, related to the ALSA memalloc component. The issue arises when the CONFIG DMA API DEBUG option is enabled, resulting in a warning about a device driver failing to check for map errors. The warning is triggered by the `dma mapping error()` function, which is recommended for checking returned DMA addresses. The vulnerability is associated with the `snd hda intel` device driver and involves the `debug dma unmap page()`, `snd dma wc free()`, `snd pcm lib free pages()`, `snd pcm common ioctl()`, and `snd pcm ioctl()` functions. **Recommendations** To resolve the issue, update the Linux kernel to a version later than 6.12.0-10-133577cad6bf48e5a7848c4338124081393bfe8a+ #759. As a temporary workaround, consider disabling the `CONFIG DMA API DEBUG` option to prevent the warning from being triggered. However, this is not a recommended long-term solution, as it may mask other potential issues.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A subtle bug has been found in the Linux kernel's maple tree implementation, which can cause tree corruption when performing a spanning store across two leaf nodes. This bug has been present since the inception of the algorithm and seems to occur more frequently after a specific commit. The issue arises when the store completely consumes the right-mode node, resulting in the `mas wr spanning store()` function mistakenly duplicating new and existing entries at the maximum pivot within the range. A fix patch has been created to detect and disallow this scenario, and a test has been included to reliably reproduce the issue and assert that the fix works correctly. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8 **Description** The Linux kernel has a vulnerability that can cause rare kernel crashes due to bad page status error messages. This issue is caused by a race condition between thread A allocating an extent buffer and thread B releasing a page, leading to a refcount underflow and eventually causing a BUG ON() on the page->mapping. The condition is not easy to hit and requires specific circumstances, such as the release being triggered for the middle page of an extent buffer. The vulnerability was introduced by a commit that changed the sequence of allocating a new extent buffer. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix, which moves all the code requiring i private lock into attach eb folio to filemap(), ensuring proper lock protection. Additionally, an extra lockdep assert locked() has been added to prevent future problems. As a temporary workaround, consider disabling the `alloc extent buffer()` function until a patch is available. Restrict access to the vulnerable `btrfs` module to minimize the risk of exploitation. Avoid using the `folio detach private()` function in the affected API endpoint until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0 Description: The issue is related to a use-after-free vulnerability in the `mt7921 irq handler` function. This vulnerability can be exploited to cause a denial of service. The vulnerability occurs when the shared irq handler is not able to handle an unexpected event after deregistration, leading to a use-after-free condition. Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the use-after-free vulnerability in the `mt7921 irq handler` function. As a temporary workaround, consider disabling the `mt7921 irq handler` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 71 **Description** The issue is related to memory safety bugs, including evidence of memory corruption, which could potentially be exploited to run arbitrary code. Exploitation of this issue may allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** For versions prior to 71, update to version 71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 69 Firefox ESR versions prior to 68.1 **Description** The issue is related to a buffer overflow due to unchecked input size, which could allow a remote attacker to gain unauthorized access to information and compromise its integrity and availability. There are memory safety bugs present, some of which show evidence of memory corruption, and it is presumed that these could be exploited to run arbitrary code with enough effort. **Recommendations** For Firefox versions prior to 69, update to version 69 or later to resolve the issue. For Firefox ESR versions prior to 68.1, update to version 68.1 or later to resolve the issue.