Minipli

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** The Linux kernel has a vulnerability in the tracefs module, where the use of generic inode RCU for synchronizing freeing can cause a list del corruption when running the ftrace selftests. This can lead to a kernel BUG and an invalid opcode error. The vulnerability is caused by the overlapping of RCU-used or initialized-only-once members in the struct inode, such as i lru or i sb list, when structure layout randomization is enabled. **Recommendations** To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider disabling the tracefs module or restricting its use to minimize the risk of exploitation. Additionally, ensure that any kernel modules that interact with the tracefs module are updated and configured correctly.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the tracing system. When eventfs was introduced, special care was taken to coordinate the freeing of file meta data with files exposed to user space. However, a shortcut was made for the "format" file, which did not check the file's meta data flag `EVENT FILE FL FREED` before accessing the event. This caused a race condition that could be triggered via the user events test and running a loop to read user events format files, resulting in a use-after-free bug report. A new helper function `event file file()` was added to ensure the `event mutex` is held and return NULL if the `trace event file` has the `EVENT FILE FL FREED` flag set. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.9-rc7 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the nr recvmsg function in net/netrom/af netrom.c not initializing a certain data structure, which can be exploited via a crafted recvmsg or recvfrom system call. **Recommendations** For Linux kernel versions prior to 3.9-rc7, update to version 3.9-rc7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.8.4 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the failure of the net/dcb/dcbnl.c module in the Linux kernel to initialize certain structures, which can be exploited via a crafted application. **Recommendations** For versions prior to 3.8.4, update to version 3.8.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.5.4 **Description** The issue allows local users to gain privileges or cause a denial of service, resulting in a NULL pointer dereference and system crash. This can be achieved by leveraging the CAP NET ADMIN capability for a certain sender or receiver getsockopt call, specifically affecting the net/dccp/ccid.h file in the Linux kernel. **Recommendations** For Linux kernel versions prior to 3.5.4, update to version 3.5.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.6 **Description** The issue is related to the Bluetooth RFCOMM implementation in the Linux kernel, which does not properly initialize certain structures. This allows local users to obtain sensitive information from kernel memory via a crafted application. The exploitation of this issue enables local users to access confidential information from the kernel memory using a specially formed application. **Recommendations** For Linux kernel versions prior to 3.6, update to version 3.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.5.7 **Description** The issue is related to the `xfrm state netlink` function in the Linux kernel, which does not properly handle error conditions in `dump one state` function calls. This can be exploited by local users with the `CAP NET ADMIN` capability to gain privileges or cause a denial of service, resulting in a NULL pointer dereference and system crash. **Recommendations** For Linux kernel versions prior to 3.5.7, update to version 3.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.6 **Description** The Bluetooth protocol stack in the Linux kernel does not properly initialize certain structures, allowing local users to obtain sensitive information from kernel stack memory via a crafted application that targets the L2CAP or HCI implementation. **Recommendations** For Linux kernel versions prior to 3.6, update to version 3.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the L2CAP and HCI implementations until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.7.10 **Description** The issue is related to an array index error in the ` sock diag rcv msg` function, located in `net/core/sock diag.c`. This error can be triggered by a large family value in a Netlink message, potentially allowing local users to gain privileges. **Recommendations** For Linux kernel versions prior to 3.7.10, update to version 3.7.10 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.9-rc7 **Description** The issue allows local users to obtain sensitive information from kernel stack memory. This is due to the `caif seqpkt recvmsg` function in `net/caif/caif socket.c` not initializing a certain length variable, which can be exploited via a crafted `recvmsg` or `recvfrom` system call. Multiple vulnerabilities in the Linux operating system package may lead to disruption of confidentiality, integrity, and availability of protected information, potentially exploitable by a local attacker. **Recommendations** For Linux kernel versions prior to 3.9-rc7, update to version 3.9-rc7 or later to resolve the issue. As a temporary workaround, consider restricting access to the `recvmsg` and `recvfrom` system calls to minimize the risk of exploitation.