Pietro Borrello

**Name of the Vulnerable Software and Affected Versions** SCONE Confidential Computing Platform versions prior to 5.8.0 **Description** An issue was discovered in the SCONE Confidential Computing Platform, where the lack of pointer-alignment logic in ` scone dispatch` and other entry functions allows a local attacker to access unauthorized information, also known as an "AEPIC Leak". This issue affects the Intel SGX platform. **Recommendations** For versions prior to 5.8.0, update to version 5.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` scone dispatch` function and other affected entry functions until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw in the Linux kernel may trigger a use-after-free when a malicious USB device, advertising itself as an Asus device, is plugged in or disconnected. This issue is related to the asus kbd backlight set function and the struct asus kbd leds *led structure. A malicious USB device may exploit this issue to cause memory corruption with controlled data. The vulnerability is associated with a use-after-free in the asus kbd backlight set function of the ASUS USB keyboard driver, which may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to a flaw in the Linux Kernel's RDS protocol, specifically in the rds rm zerocopy callback() function. This function uses list entry() on the head of a list, causing a type confusion. A local user can trigger this issue with rds message put(), leading to `struct rds msg zcopy info *info` pointing to something else that is potentially controlled by the local user. This results in an out of bounds access and a lock corruption. The flaw is associated with incorrect handling of a data block list. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a type confusion in the Linux kernel's `pick next rt entity()` function, which may return a type confused entry not detected by the `BUG ON` condition. This can lead to memory corruption as the confused entry is used as a `sched rt entity`. The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to a flaw in the Linux Kernel, specifically with the tun/tap sockets having their socket UID hardcoded to 0 due to a type confusion in their initialization function. This could lead to tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. The flaw is also associated with the use of an inappropriate data structure description for reading data from memory in the `tap open()` function of the TAP virtual network adapter driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 6.1.9 **Description** The issue is related to a Use-After-Free in the `bigben remove` function in `drivers/hid/hid-bigbenff.c`. This can be exploited via a crafted USB device, potentially leading to a denial of service or local escalation of privilege. The exploitation does not require additional execution privileges or user interaction. The vulnerability is caused by the LED controllers remaining registered for too long. **Recommendations** For Linux kernel versions through 6.1.9, consider disabling the `bigben remove` function in `drivers/hid/hid-bigbenff.c` as a temporary workaround to minimize the risk of exploitation. Restrict access to the `hid-bigbenff` driver to prevent the use of crafted USB devices.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A flaw was found in the Linux Kernel, where the `tls is tx ready()` function incorrectly checks for list emptiness. This can potentially lead to accessing a type-confused entry to the `list head`, causing the last byte of the confused field to overlap with `rec->tx ready`, resulting in a leak. The issue is related to the implementation of the TLS protocol in the Linux Kernel and may lead to a denial of service if exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak flaw in the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation. This flaw can be exploited when a user starts a malicious networking service and someone connects to this service, potentially leading to a denial of service due to resource starvation for local users. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem. This issue arises when a user inserts a malicious USB device, allowing a local user to crash or potentially escalate their privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors versions 10 through 12 Intel(R) Processors (affected versions not specified) **Description** The issue is related to improper isolation of shared resources in some Intel(R) Processors, which may allow a privileged user to potentially enable information disclosure via local access. This is caused by an architectural flaw that allows access to uninitialized data left in the Advanced Programmable Interrupt Controller (APIC) registers after previous operations. The problem affects systems using the Software Guard Extensions (SGX) technology. **Recommendations** For Intel(R) Processors versions 10 through 12: Update microcode packages to fix the security vulnerability. For Intel(R) Processors (affected versions not specified): At the moment, there is no information about a newer version that contains a fix for this vulnerability.