Nikolay Aleksandrov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.50 **Description** A vulnerability has been resolved in the Linux kernel, specifically in the bonding module, where a null pointer dereference could occur when setting `real dev` to NULL while packets are in transit and `xfrm` might call `xdo dev offload ok()` in parallel. All callbacks assume `real dev` is set. This issue can lead to a page fault and potentially cause the system to crash. **Recommendations** To resolve this issue, update the Linux kernel to version 6.6.50 or later. If updating is not possible, consider disabling the bonding module or restricting its use until an update can be applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been resolved in the Linux kernel. The issue is related to the bonding functionality, specifically in the `bond ipsec offload ok` function. It is necessary to check if there is an active slave before dereferencing the pointer to prevent the null pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.0-rc1+ #446 **Description** The Linux kernel has a vulnerability that can cause a null pointer dereference when IPv6 is not enabled. This occurs when trying to add an IPv6 nexthop, resulting in a call to `ipv6 stub->fib6 nh release` in the error path of `nh create ipv6()`. The bug has been present since the beginning of IPv6 nexthop gateway support. To fix this, the dummy stub's `-EAFNOSUPPORT` error should be returned directly without calling `ipv6 stub->fib6 nh release` in `nh create ipv6()`'s error path. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions prior to 5.16.0-rc1+ #446 are affected. As a temporary workaround, consider disabling the `nh create ipv6()` function until a patch is available. However, this may have unintended consequences and should be approached with caution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12.13 **Description** The issue is related to a null pointer dereference in the Linux kernel's bridge tunnel due to lockless access in the tunnel egress path. When a VLAN tunnel is deleted, the `tunnel dst` pointer is set to NULL without waiting for a grace period, and packets egressing are dereferencing it without checking. The patch fixes this by using `READ/WRITE ONCE` to annotate the lockless use of `tunnel id` and RCU for accessing `tunnel dst`, ensuring it is read only once and checked in the egress path. **Recommendations** To resolve the issue, upgrade the Linux kernel to version 5.12.13 or later. As a temporary workaround, consider disabling the VLAN tunnel functionality until a patch is available. Restrict access to the vulnerable `tunnel dst` pointer to minimize the risk of exploitation. Avoid using the `tunnel id` variable in the affected code path until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.0-rc3+ #360 **Description** The vulnerability is related to the egress tunnel code in the Linux kernel's bridge module. The code uses `dst clone()` and directly sets the result, which can cause problems if the entry has a reference count of 0 or has already been deleted. This triggers a `WARN ON()` in `dst hold()` when a reference count cannot be taken. The issue is fixed by using `dst hold safe()` and checking if a reference was actually taken before setting the destination. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the vulnerability. Specifically, for Linux kernel version 5.13.0-rc3+ #360, update to a newer version that includes the patch for the `net: bridge: fix vlan tunnel dst refcnt when egressing` vulnerability. As a temporary workaround, consider disabling the vulnerable function or restricting access to the affected module to minimize the risk of exploitation. However, this should not be considered a permanent solution, and updating the kernel to a patched version is recommended as soon as possible. At the moment, there is no information about a newer version that contains a fix for this vulnerability, other than updating to a version after 5.13.0-rc3+ #360.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** openSUSE kernel versions prior to 3.13.6 **Description** The issue is related to multiple vulnerabilities in the openSUSE operating system, specifically in various kernel packages. These vulnerabilities can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of these vulnerabilities can be carried out remotely. A race condition in the inet frag intern function in net/ipv4/inet fragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service (use-after-free error) or possibly have unspecified other impact via a large series of fragmented ICMP Echo Request packets to a system with a heavy CPU load. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.