Oliver Neukum

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically within the usbnet module. The problem arises from the `usbnet write cmd async()` function, which incorrectly handles buffer freeing in error cases. This results in a memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fix **Description** A vulnerability in the Linux kernel has been resolved, specifically in the usb: vhci-hcd driver. The issue involves the driver carrying stale pointers to references that can still be used, which can lead to potential security risks. The vulnerability affects versions prior to the fix, and remediation is available in versions post-commit. **Recommendations** Update to a version of the Linux kernel that includes the fix for this vulnerability to ensure security. As a temporary workaround, consider disabling the vulnerable `usb: vhci-hcd` driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.7 **Description** The issue is related to an integer overflow in the aqc111 driver. If a device sends a packet with a length between 0 and sizeof(u64), the value passed to `skb trim()` as length will wrap around, resulting in a very large value. The driver will then proceed to parse the header at that position, which may cause it to process a random value or crash. The fix involves checking against sizeof(u64) rather than 0. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.7 or later. As a temporary workaround, consider restricting access to the vulnerable aqc111 driver until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.12 **Description** The issue is related to errors in handling frame lengths in the Linux kernel, specifically in the drivers/net/usb/sr9700.c file. This can allow an attacker to obtain sensitive information from heap memory by crafting frame lengths from a device. **Recommendations** For Linux kernel versions prior to 5.16.12, update to version 5.16.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `sr9700.c` driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the CDC-NCM component in the Linux kernel, where a broken device may provide an extreme offset and a reasonable length for a fragment, causing an integer overflow in the sanity check. This defeats the sanity check, allowing potential exploitation. The quantities `offset` and `offset + len` should be checked to prevent overflow, and these quantities should be unsigned. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.