Palash Oswal

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.0.8 **Description** The issue is related to a use-after-free in the `run unpack()` function in the `fs/ntfs3/run.c` component of the Linux kernel. This occurs due to a difference between NTFS sector size and media sector size, potentially allowing an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel versions prior to 6.0.8, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the `fs/ntfs3/run.c` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.0.8 **Description** The issue is related to a use-after-free in the `inode cgwb move to attached()` function in `fs/fs-writeback.c`, which is connected to the ` list del entry valid()` function. This could potentially allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel version 6.0.8, consider applying a patch or updating to a newer version that fixes the use-after-free issue in the `inode cgwb move to attached()` function. As a temporary workaround, consider restricting access to the `fs/fs-writeback.c` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.0.8 **Description** The issue is related to an out-of-bounds read in the `ntfs attr find()` function in `fs/ntfs/attrib.c`. This can potentially allow an attacker to cause a denial of service. **Recommendations** For Linux kernel version 6.0.8, consider disabling the `ntfs attr find()` function as a temporary workaround until a patch is available. Restrict access to the `fs/ntfs/attrib.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.0.8 **Description** The issue is related to a use-after-free vulnerability in the `ntfs trim fs()` function of the `fs/ntfs3/bitmap.c` component in the Linux kernel. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is associated with the use of memory after it has been freed. **Recommendations** For Linux kernel version 6.0.8, consider disabling the `ntfs trim fs()` function as a temporary workaround until a patch is available. Restrict access to the `fs/ntfs3/bitmap.c` component to minimize the risk of exploitation. Avoid using the affected kernel version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read flaw in the Linux kernel's io uring module. This flaw can be triggered by a user calling the `io read()` function with specific parameters, allowing a local user to read memory out of bounds. This could potentially lead to the disclosure of protected information or cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.