Linux · Linux Kernel · CVE-2024-26983
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 6.6.37
**Description**
A use-after-free in the Linux kernel's bootconfig code (the "extra boot config", xbc) has been fixed. xbc_exit() released the xbc data and node arrays with memblock_free(). By the time xbc_exit() runs during kernel initialization, memblock may already have handed its memory over to the buddy (page) allocator, so returning that memory to memblock is the wrong operation. On architectures with CONFIG_ARCH_KEEP_MEMBLOCK disabled, such as x86, memblock's own bookkeeping has been discarded by then, and the late memblock_free() becomes a use-after-free (UAF); the upstream report shows it caught by KASAN during boot. The patch keeps memblock_free() only in the early error rewind path of xbc_init(), where memblock still owns the memory, and switches xbc_exit() to memblock_free_late(), which returns the pages to the buddy allocator. The bootconfig data itself comes from the bootloader or initrd and the faulty free happens on the kernel's own boot path, so on an affected configuration the practical impact is memory corruption or a crash at boot rather than something an unprivileged process triggers at runtime.
**Recommendations**
Update the Linux kernel to version 6.6.37 or later, or to a distribution kernel that carries the fix for CVE-2024-26983. If updating is not immediately possible, note that the affected path is only reached when bootconfig is in use: the code is not built without CONFIG_BOOT_CONFIG, and a kernel built with it runs the xbc parser only when the `bootconfig` option is present on the kernel command line (or the kernel was built with CONFIG_BOOT_CONFIG_FORCE, which makes processing unconditional). Removing `bootconfig` from the bootloader's command line, or building without CONFIG_BOOT_CONFIG, avoids the issue until the fixed kernel is deployed.
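The following POSIX shell script is an added example, not part of this advisory or of the kernel tree; it turns the conditions in the description and recommendations into a host check. It assumes the 6.6.37 threshold stated above, uses the kernel's own Kconfig symbols CONFIG_BOOT_CONFIG, CONFIG_BOOT_CONFIG_FORCE and CONFIG_ARCH_KEEP_MEMBLOCK, and the status words it prints are its own invention. The sample command line and .config text in the comments and tests are constructed.

```shell
#!/bin/sh
# Triage helper for CVE-2024-26983. Added example; not from the advisory above
# or from the kernel tree. Assumptions: the fixed-version threshold is the
# 6.6.37 stated in this advisory; CONFIG_BOOT_CONFIG, CONFIG_BOOT_CONFIG_FORCE
# and CONFIG_ARCH_KEEP_MEMBLOCK are the kernel's own Kconfig symbols; the
# status words printed by exposure_status are this script's own.

FIXED_VERSION="6.6.37"

# version_lt A B: succeed if kernel version A is older than B.
# A distro suffix such as "6.6.30-0-generic" is stripped first, then
# major.minor.patch are compared as numbers (missing fields count as 0).
version_lt() {
    a=$(printf '%s\n' "$1" | sed 's/[^0-9.].*//')
    b=$(printf '%s\n' "$2" | sed 's/[^0-9.].*//')
    set -- $(printf '%s\n' "$a" | tr '.' ' ') 0 0 0
    a1=$1; a2=$2; a3=$3
    set -- $(printf '%s\n' "$b" | tr '.' ' ') 0 0 0
    b1=$1; b2=$2; b3=$3
    [ "$a1" -lt "$b1" ] && return 0
    [ "$a1" -gt "$b1" ] && return 1
    [ "$a2" -lt "$b2" ] && return 0
    [ "$a2" -gt "$b2" ] && return 1
    [ "$a3" -lt "$b3" ] && return 0
    return 1
}

# config_has CONFIG_TEXT SYMBOL: succeed if the line "SYMBOL=y" is present in
# the kernel .config text (as read from /proc/config.gz or /boot/config-*).
config_has() {
    printf '%s\n' "$1" | grep -qxF "$2=y"
}

# bootconfig_active CMDLINE CONFIG_TEXT: succeed if the kernel will run the
# bootconfig (xbc) parser at all: either the word "bootconfig" is on the
# kernel command line, or the build has CONFIG_BOOT_CONFIG_FORCE=y, which
# makes bootconfig processing unconditional.
bootconfig_active() {
    printf '%s\n' "$1" | tr ' ' '\n' | grep -qx bootconfig && return 0
    config_has "$2" CONFIG_BOOT_CONFIG_FORCE
}

# exposure_status VERSION CMDLINE CONFIG_TEXT: print one status word.
#   fixed          at or past the advisory's fixed version
#   no-bootconfig  CONFIG_BOOT_CONFIG is off, or nothing asks for a bootconfig,
#                  so xbc_init()/xbc_exit() never run
#   memblock-kept  CONFIG_ARCH_KEEP_MEMBLOCK=y: memblock stays alive after boot,
#                  so the stray memblock_free() is not a use-after-free
#   exposed        unfixed kernel that will reach the UAF path during boot
exposure_status() {
    ver=$1; cmdline=$2; cfg=$3
    if ! version_lt "$ver" "$FIXED_VERSION"; then
        echo fixed; return 0
    fi
    if ! config_has "$cfg" CONFIG_BOOT_CONFIG || ! bootconfig_active "$cmdline" "$cfg"; then
        echo no-bootconfig; return 0
    fi
    if config_has "$cfg" CONFIG_ARCH_KEEP_MEMBLOCK; then
        echo memblock-kept; return 0
    fi
    echo exposed
}

# Live mode: "sh triage.sh --live" assesses the running host.
if [ "${1-}" = "--live" ]; then
    cfg=$(zcat /proc/config.gz 2>/dev/null || cat "/boot/config-$(uname -r)" 2>/dev/null)
    exposure_status "$(uname -r)" "$(cat /proc/cmdline)" "$cfg"
fi
```

In live mode the build configuration is read from /proc/config.gz (present when the kernel was built with CONFIG_IKCONFIG_PROC) or from /boot/config-$(uname -r). The threshold is the one this advisory states; distributions that backport the fix under their own version numbering will not be recognised by a plain version comparison, so for such kernels rely on the distribution's advisory rather than on FIXED_VERSION.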