Oliver Sang

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to the Linux kernel, where a vulnerability has been resolved. The problem occurs when the `hctx` is not removed from the cpuhp callback list, which can lead to a use-after-free condition if it is reused. This can potentially cause issues with system stability and security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the vduse component when accessing the control device's msg timeout attribute via sysfs. This issue occurs because the control device lacks drvdata, leading to a NULL pointer dereference. The problem is evident when the `msg timeout show` function is called, resulting in a kernel NULL pointer dereference error. **Recommendations** To resolve this issue, do not create the unneeded attribute for the control device anymore, as this attribute is the cause of the NULL pointer dereference.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.58 **Description** The issue is related to a use-after-free vulnerability in the Linux kernel's RDMA/iwcm component. This vulnerability can lead to a denial of service. The problem arises when the function `flush workqueue` is invoked to flush the work queue `iwcm wq`, which was created without the flag `WQ MEM RECLAIM`. This can cause a deadlock if the current process is reclaiming memory or running on a workqueue without the `WQ MEM RECLAIM` flag. Technical details include the involvement of functions such as `destroy cm id` and ` flush workqueue`, and variables like `iwcm wq`. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider restricting access to the vulnerable `iwcm` module to minimize the risk of exploitation. Avoid using the `iwcm wq` work queue in critical operations until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an array out-of-bounds access in the toshiba acpi driver. This occurs because the toshiba dmi quirks array is not properly terminated with an empty entry, which is required for use with standard DMI matching functions. As a result, an array out-of-bounds access happens every time the quirk list is processed. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.7.0-rc4-00061-gefa7df3e3bb5 **Description** The vulnerability is related to a bug in the Linux kernel's memory management component, specifically in the `try get folio` function. This bug can cause a kernel BUG at `include/linux/page ref.h:275` due to an invalid opcode. The issue is reported on a non-SMP kernel and is associated with the `mm/gup.c` file. The vulnerability may allow an attacker to cause a denial of service. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, update to a version later than 6.7.0-rc4-00061-gefa7df3e3bb5. If updating is not possible, consider disabling the `try get folio` function or restricting access to the vulnerable `mm/gup.c` module as a temporary workaround. However, these workarounds may have unintended consequences and should be thoroughly tested before implementation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow in the netfilter component of the Linux kernel. This can be exploited to cause a denial of service. The problem occurs when destroying all sets, and either the pernet exit phase or a "destroy all sets command" from userspace is executed. The patch adds a required check to `rcu dereference protected()` in `ip set dereference()` to address this issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when writing at or above the EOF position in writethrough mode, causing a problem if there's a partial folio at the end of the file that is being written out and another write is attempted. This results in a warning due to conflicting writes trying to clear the writeback mark. The fix involves making the flush-and-wait unconditional, which will do nothing if there are no folios in the pagecache and return quickly if there are no folios in the region specified. Additionally, the WBC attachment is moved above the flush call to share it. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to the serial component of the Linux kernel and involves a NULL pointer dereference in the `uart tty port shutdown()` function. This can lead to a denial of service. The issue arises because the PM or other timer-based callbacks may still trigger after the circular buffer is NULLified, and the serial code is inconsistent in checking the buffer state. The proposed change aims to prevent asynchronous calls to dereference a NULL pointer by aligning the buffer pointer and head-tail positions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to errors in pointer dereferencing in functions such as `create dir()`, ` kobject del()`, `kobject cleanup()`, and `kobj child ns ops()` in the Linux kernel's b/kobject.c library. Exploitation of this issue may allow a remote attacker to cause a denial of service. The problem is reported to be caused by a commit that removed redundant checks for whether `ktype` is NULL, which has been reverted until the root cause can be found. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out of bounds access for empty sysctl registers in the Linux kernel. When registering tables to the sysctl subsystem, there is a check to see if the header is a permanently empty directory. This check evaluates the first element of the `ctl table`, resulting in an out of bounds evaluation when registering empty directories. The function `register sysctl mount point` now passes a `ctl table` of size 1 instead of size 0, relying solely on the type to identify a permanently empty register. It is essential to ensure that the `ctl table` has at least one element before testing for permanent emptiness. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A resolved issue in the Linux kernel involves avoiding out of bounds access when parsing CPC data in the ACPI CPPC component. Specifically, if the `NumEntries` field in the CPC return package is less than 2, the code should not attempt to access the `Revision` element of that package, as it may not be present. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.