Nathan Chancellor

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.0 **Description** A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the da850-evm configuration for the ARM architecture. This issue occurs when booting with newer versions of GCC, resulting in a kernel panic. The problem arises because the emac pdata pointer in soc info is NULL, as davinci soc info only gets populated on davinci machines, but da850 evm config emac() is called on all machines. The error manifests as an "Unable to handle kernel NULL pointer dereference" message. **Recommendations** For Linux kernel version 5.15.0, move the rmii en assignment below the machine check to prevent the NULL pointer dereference. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the nl80211 component of the Linux kernel, where address calculations via out of bounds array indexing can occur. Before `request->channels[]` can be used, `request->n channels` must be set. Additionally, address calculations for memory after the "channels" array need to be calculated from the allocation base ("request") rather than via the first "out of bounds" index of "channels", otherwise run-time bounds checking will throw a warning. This vulnerability may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.0-rc3-00013-g34f66c4c4d55 **Description** The vulnerability is related to the incorrect byte-swapping of NOP instructions when compiling for big-endian architectures using LLVM's integrated assembler prior to version 15.0.0. This could result in the corruption of user or kernel FPSIMD state. The issue was unnoticed until a commit was made to use a positive cpucap for FP/SIMD, after which the instructions would trap during boot prior to FPSIMD being detected and enabled. **Recommendations** To resolve the issue, restrict CONFIG CPU BIG ENDIAN to a known good assembler, which is either GNU as or LLVM's IAS 15.0.0 and newer. This can be achieved by: - Using GNU as for assembly - Updating to LLVM's IAS 15.0.0 or newer for assembly No specific version of the Linux kernel is recommended for update, as the fix is related to the assembler used rather than the kernel version itself. However, using a version of the Linux kernel that includes the commit "arm64: Use a positive cpucap for FP/SIMD" (34f66c4c4d5518c1) or later would be advisable to ensure the issue is properly handled.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the interaction between wait for device probe() and deferred probe timeout. The issue caused mounting NFS rootfs to time out when deferred probe timeout was non-zero. This was due to ip auto config() initcall timing out while waiting for network interfaces to appear. Although a commit tried to fix this by making wait for device probe() wait for deferred probe timeout to expire, it introduced a deadlock or blocked kernel init() from continuing until the timeout expired. The changes to wait for device probe() were reverted to resolve the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.