Qiu-Ji Chen

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an atomicity violation in the `fmc send cmd()` function. This occurs when the function is executed simultaneously with the modification of the `fmdev->resp skb` value. If the `fmdev->resp skb` variable is assigned a null value after passing the validity check, it may result in a null pointer dereference error. The error can occur at the line where `evt hdr = (void *)skb->data;` is executed, because `skb = fmdev->resp skb;` may be invalid. To address this issue, it is recommended to include the validity check of `fmdev->resp skb` within the locked section of the function to maintain its validity. **Recommendations** To resolve the issue, include the validity check of `fmdev->resp skb` within the locked section of the `fmc send cmd()` function. This modification ensures that the value of `fmdev->resp skb` does not change during the validation process, thereby maintaining its validity. As a temporary workaround, consider adding locks to prevent concurrent execution of the `fmc send cmd()` function with the modification of the `fmdev->resp skb` value.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A resource release issue in the `xenbus dev probe()` function has been identified. The function incorrectly returns an error without releasing resources allocated by `drv->probe(dev, id)`, leading to potential problems. The issue was fixed by adding a new block to release resources, preventing a reference count leak. This bug was discovered using an experimental static analysis tool that detects potential issues with resource management. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the patch for the `xenbus dev probe()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.