Peter Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A deadlock occurs when runtime suspend waits for the flush of RTC work, and the RTC work calls `ufshcd rpm get sync()` to wait for runtime resume. This issue is resolved by skipping the update of the Real-Time Clock (RTC) if the RPM state is not RPM ACTIVE. The deadlock backtrace involves several functions, including ` switch to()`, ` schedule()`, `schedule()`, `schedule timeout()`, `do wait for common()`, `wait for completion()`, ` flush work()`, ` cancel work sync()`, `cancel delayed work sync()`, ` ufshcd wl suspend()`, `ufshcd wl runtime suspend()`, `scsi runtime suspend()`, ` rpm callback()`, `rpm suspend()`, ` pm runtime suspend()`, `scsi runtime idle()`, `rpm idle()`, ` pm runtime idle()`, `ufshcd rtc work()`, `process one work()`, `worker thread()`, `kthread()`, and `ret from fork()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a racing condition between the `ufshcd mcq abort()` function and the Interrupt Service Routine (ISR) in the Linux kernel's UFS (Universal Flash Storage) component. When a command timeout occurs and the completion IRQ is raised simultaneously, `ufshcd mcq abort()` clears the `lprb->cmd` pointer, leading to a NULL pointer dereference in the ISR. This can cause a kernel crash, resulting in a denial of service. The error log indicates a device abort task at tag 18 and an inability to handle a kernel NULL pointer dereference at a specific virtual address. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: atftp version 0.7.git20120829-3.1+b1 Description: The issue is related to a denial of service vulnerability in the atftpd daemon functionality. It can be exploited by a remote attacker using a specially crafted sequence of RRQ-Multicast requests, triggering an assert() call that results in a denial of service. An attacker can send malicious packets to trigger this issue. Recommendations: For atftp version 0.7.git20120829-3.1+b1, consider restricting access to the atftpd daemon functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the `assert()` function in the atftpd daemon until a fix is provided.

**Name of the Vulnerable Software and Affected Versions** freeDiameter version 1.3.2 **Description** A denial of service issue exists in the freeDiameter functionality, where a specially crafted Diameter request can cause memory corruption, resulting in denial-of-service. An attacker can exploit this by sending a malicious packet. **Recommendations** For freeDiameter version 1.3.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.