Miquel Raynal

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A reference counting issue in the Linux kernel has been identified, specifically in the atmel nand controller init function. This issue occurs in several error handling paths where the function returns an error code without properly balancing the reference count of the `nc->dmac` object, which was previously increased by `dma request channel()`. This can lead to refcount leaks. **Recommendations** To resolve this issue, apply the fix that decrements the refcount of the specific object in the error paths. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** A double free vulnerability was found in the Linux kernel's mtd: rawnand module, specifically in the `atmel pmecc create user()` function. The issue occurred because the "user" pointer was converted from being allocated with `kzalloc()` to being allocated by `devm kzalloc()`, and calling `kfree(user)` would lead to a double free. **Recommendations** For Linux kernel versions prior to 6.6.74, update to version 6.6.74 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `atmel pmecc create user()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a memory leak in the Linux kernel's ieee802154 component, specifically in the ca8210 module. When an error occurs, the `ieee802154 xmit complete()` helper is not called, and only `ieee802154 wake queue()` is called manually, resulting in a leak of the `skb` structure. This can lead to a denial of service. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.10.70 **Description** A vulnerability in the Linux kernel has been resolved, which was caused by an incorrect inversion of calls to `dsps setup optional vbus irq()` and `dsps create musb pdev()` without updating the error path. This led to a kernel crash due to a NULL pointer dereference on the Beagle Bone Black Wireless when using the USB Ethernet gadget driver. The issue occurred because `dsps create musb pdev()` allocates and registers a new platform device, which must be unregistered and freed with `platform device unregister()`, but this was missing upon `dsps setup optional vbus irq()` error. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the error path. At the moment, there is no information about a newer version that contains a fix for this vulnerability.