Ronald Wahl

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A deadlock vulnerability has been resolved in the Linux kernel, specifically in the net: ks8851 module. The issue occurs when SMP is enabled and spinlocks are functional, causing a deadlock with the 'statelock' spinlock between `ks8851 start xmit spi` and `ks8851 irq`. This results in a soft lockup, with the CPU stuck for 27 seconds. The problem was not identified earlier because tests were done on a device with SMP disabled, making spinlocks ineffective. To avoid the deadlock, `spin (un)lock bh` is now used for TX queue related locking to prevent synchronous execution of softirq work. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the ks8851 component in the Linux kernel, which is associated with incorrect resource locking. This can lead to a denial of service. The problem arises when the `net rx action()` function triggers the `.start xmit` callback, protected by the same lock as the IRQ handler, potentially causing a hang due to attempting to claim an already claimed lock. The solution involves removing the BH manipulation and queuing received packets in the IRQ handler before pushing them into `netif rx()` outside the lock-protected critical section. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.