Qian Cai

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the Linux kernel's sched/scs component, where a stale state can be left after a CPU is offlined and then onlined back into the kernel. This stale state can cause problems with execution, including bogus KASAN warnings and memory leaks. The issue arises when the idle task on a CPU calls a few layers of C code before leaving the kernel, and when KASAN is in use, poisoned shadow is left around for each active stack frame. The problem can be exacerbated across multiple hotplug cycles, potentially making the entire shadow call stack unusable. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential memory leak in the cppc cpufreq cpu init component of the Linux kernel. This memory leak occurs when resources are allocated but not freed in case of a failure. The vulnerability can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.7 Description: The issue is caused by a buffer overflow in the Kernel-based Virtual Machine (KVM) subsystem of the Linux kernel, specifically affecting components arch/s390/kvm/kvm-s390.c, include/linux/kvm host.h, and virt/kvm/kvm main.c. This allows an attacker to impact the confidentiality, integrity, and availability of protected information. The KVM subsystem permits out-of-range access to memslots after a deletion. Recommendations: For versions prior to 5.7, update to version 5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM subsystem until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5.1 **Description** The issue is related to multiple memory leaks in error paths in the fs/xfs/xfs attr list.c file. This can be exploited by local users through crafted XFS filesystem operations, leading to a denial of service due to memory consumption. **Recommendations** For Linux kernel versions prior to 4.5.1, update to version 4.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to XFS filesystem operations to minimize the risk of exploitation.