Ricardo Ribalda

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A crash can occur in the Linux kernel during the unbind process of a device if a gpio unit is in use. This happens because the wrong device is used for device managed functions, specifically using the usb device instead of the interface device. As a result, cleanup functions are not called when the driver is unbound from the usb interface, leading to an IRQ that is never disabled. If an IRQ is triggered, it attempts to access memory sections that have already been freed, causing an error. The impact of this issue is limited, affecting only devices with gpio units and requiring the user to unbind the device, as a disconnect does not trigger this error. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, specifically in the uvcvideo media module. The issue involves dangling pointers that occur when an async control is written and a pointer to the file handle is copied. If the user closes the file descriptor, its structure is freed, leaving dangling pointers that the driver will attempt to use. The vulnerability is related to the handling of async operations and file descriptors. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the dangling pointers in the uvcvideo module. At the moment, there is no information about a specific version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer overflow issue has been resolved in the Linux kernel, specifically in the `stk1160 copy video()` function. The issue arises from a reversed subtraction condition, which results in an unsigned value that is always negative, leading to a very high positive value. This causes the overflow check to never be true. The `->bytesused` variable does not work as intended for this purpose, and the math to calculate the destination where data is being written is complex. To fix this issue, the actual destination where data is being written is checked, and if the offset is out of bounds, an error is printed and the function returns. Otherwise, data is written up to `buf->length` bytes. **Recommendations** To resolve this issue, update to a version of the Linux kernel that includes the fix for the `stk1160 copy video()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `set fmt` error handling in the Linux kernel's `intel-ipu3` driver. If an error occurs during a `set fmt`, the previous sizes are overwritten with the invalid config, leading to `v4l2-compliance` allocating 4GiB of RAM and causing out-of-memory errors. This can result in a general protection fault. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the `imu fmt` function of the `intel-ipu3` component in the Linux kernel. This leak occurs due to the loss of reference to allocated memory. The vulnerability can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.