Robert Morris

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fixed version **Description** A vulnerability in the Linux kernel has been resolved, related to the USB hub driver. The issue occurs when a non-compliant device with multiple configurations or interfaces is connected, causing the `usb hub to struct hub()` function to dereference a NULL or inappropriate pointer. This can lead to a general protection fault. The problem arises because the hub driver binds to interface 1 instead of interface 0, which is where `usb hub to struct hub()` looks. The vulnerability can be prevented by refusing to accept hub devices that violate the USB specification. **Recommendations** For Linux kernel versions prior to the fixed version, consider applying a patch that refuses to accept hub devices with more than one configuration or interface to prevent the problem from occurring. As a temporary workaround, consider disabling the `usb hub adjust deviceremovable()` function until a patch is available. Restrict access to the `usb hub wq` workqueue to minimize the risk of exploitation. Avoid using devices with multiple configurations or interfaces until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** WasmEdge versions prior to 0.16.0-alpha.3 **Description** WasmEdge is a WebAssembly runtime. A multiplication operation within `WasmEdge/include/runtime/instance/memory.h` can result in a wrap-around, leading the `checkAccessBound()` function to incorrectly permit memory access. This condition can trigger a segmentation fault. **Recommendations** Update to version 0.16.0-alpha.3 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue has been identified in the Linux kernel related to the bpf struct ops when CONFIG MODULES=n. The problem arises because the btf id of the "struct module" is missing, which prevents bpf try module get() from performing correct refcounting for struct ops that have a "struct module *owner" member. This issue affects struct ops that require the "struct module *owner" member, such as tcp congestion ops, but not all subsystems' struct ops, like sched ext ops. The issue has existed since the introduction of bpf struct ops and has undergone many changes. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow in the `mi enum attr()` function of the `fs/ntfs3` component in the Linux kernel. This vulnerability allows an attacker to access confidential data, compromise its integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.7.0-rc4 **Description** The vulnerability is related to the `smb2 parse contexts()` function in the Linux kernel's SMB client. It allows for potential out-of-bounds (OOB) reads when accessing invalid create contexts from a server. This can lead to a page fault and potentially allow an attacker to access sensitive information or cause a denial of service. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the `smb2 parse contexts()` function, which is version 6.7.0-rc4 or later. Note: The provided information does not specify the exact version that includes the fix, but it is mentioned that the issue is resolved in version 6.7.0-rc4. As a temporary workaround, consider disabling the `smb2 parse contexts()` function until a patch is available. However, this may have significant implications for system functionality and should be carefully considered before implementation. It is also recommended to restrict access to the vulnerable SMB client module to minimize the risk of exploitation. Please note that these recommendations are based solely on the provided input data and may not be comprehensive or up-to-date. It is always best to consult the official Linux kernel documentation and security advisories for the most accurate and detailed information.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** An out-of-bounds memory read flaw was found in the `receive encrypted standard` function in the SMB Client sub-component of the Linux Kernel. This issue occurs due to integer underflow on the `memcpy` length, leading to a denial of service. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MIT Kerberos 5 (aka krb5) versions 1.20.2 and earlier, 1.21.x versions prior to 1.21.1 **Description** The issue is related to the lib/kadm5/kadm rpc xdr.c file in the Kerberos implementation, where an uninitialized pointer is freed. This can be exploited by a remote authenticated user to trigger a kadmind crash due to the lack of validation between `n key data` and the `key data` array count in the ` xdr kadm5 principal ent rec` function. **Recommendations** For MIT Kerberos 5 (aka krb5) versions 1.20.2 and earlier, update to version 1.20.2 or later. For MIT Kerberos 5 (aka krb5) 1.21.x versions prior to 1.21.1, update to version 1.21.1 or later. As a temporary workaround, consider restricting access to the vulnerable `lib/kadm5/kadm rpc xdr.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** lib9p (affected versions not specified) **Description** The issue is related to the handling of RWALK messages in lib9p, where a missing bounds check allows a specially crafted message to cause lib9p to overwrite unrelated memory. This could potentially lead to user-mode code execution on the host, subject to bhyve's Capsicum sandbox. The bug can be triggered by a malicious bhyve guest kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.