Patrik Lantz

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the optee component of the Linux kernel, where a bug in the page free mechanism can lead to incorrect memory deallocation. This can cause a denial of service. The problem arises when the pointer to allocated pages (struct page *page) is used to free pages using free pages(page, order), which can result in freeing arbitrary pages. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.15.11 **Description** A use-after-free exists in the TEE subsystem of the Linux kernel due to a race condition in `tee shm get from id` during an attempt to free a shared memory object. This issue is related to the system call implementation of TEE IOC OPEN SESSION or TEE IOC INVOKE and can be exploited to cause a denial of service or elevate privileges. The vulnerability was found by syzkaller and an exploit for controlling a PC is available, although it does not bypass PAN. **Recommendations** For Linux kernel versions through 5.15.11, update to a version newer than 5.15.11 to resolve the issue. As a temporary workaround, consider restricting access to the TEE subsystem to minimize the risk of exploitation.