Phil Auld

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the hwmon coretemp module. The issue occurs when coretemp add core() encounters an error, causing pdata->core data[indx] to be NULL and kfreed. Passing this NULL value to sysfs remove group() results in a crash. This can lead to a kernel NULL pointer dereference, as seen in the error log with a BUG message and a call trace involving sysfs remove group() and coretemp cpu offline(). The estimated number of potentially affected devices worldwide is not available. **Recommendations** To resolve this issue, check for NULL before removing sysfs attrs in the coretemp module. Specifically, modify the code to check if pdata->core data[indx] is NULL before passing it to sysfs remove group(). As a temporary workaround, consider disabling the coretemp module until a patch is available. However, the most effective solution is to apply the fix by checking for NULL first, as described in the vulnerability resolution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the initialization of topology for core scheduling on Arm64 systems. The issue arises when the `store cpu topology()` function fails to correctly set up the `smt mask`, leading to a mismatch between the actual topology and the core scheduling data structures. This can cause a warning and a crash, particularly when running stress-ng tests that enable core scheduling. The problem occurs because `rq->core` is not correctly set for non-leader CPUs, resulting in a NULL pointer dereference. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.