Sebastian Andrzej Siewior

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where the `clocksource verify choose cpus()` function is invoked with preemption disabled, leading to the acquisition of sleeping locks in atomic context. This occurs because `get random u32()` is called to obtain random numbers, which can acquire the `batched entropy 32` local lock and/or the `base crng.lock` spinlock. In PREEMPT RT kernels, these locks are sleeping locks and cannot be acquired in atomic context, resulting in a bug report. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.15 through 6.12 **Description** A vulnerability in the Linux kernel has been identified, related to the handling of bpf timers. The issue arises when the `hrtimer cancel()` function attempts to acquire a lock that is already held, leading to a scheduling while atomic bug. This can occur when the `bpf timer` is cancelled while it is still running, causing a race condition. The vulnerability is specific to systems with PREEMPT RT enabled, which is available in version 6.12 and later. The estimated number of potentially affected devices is not provided. **Recommendations** For Linux kernel versions 5.15 through 6.12, apply the patch that fixes the lock problem by breaking the cancelling of `bpf timer` into two steps for PREEMPT RT. The first step uses `hrtimer try to cancel()` and checks its return value. If the timer is running, the second step uses `hrtimer cancel()` through a kworker to cancel it again. This patch is necessary to prevent the scheduling while atomic bug and ensure the stable operation of the system.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue concerns a problem in the Linux kernel where the function `stack depot save flags()` could potentially cause a deadlock when called from an NMI context. This happened because the function attempted to take the `pool lock` to save a stack trace, even when `STACK DEPOT FLAG CAN ALLOC` was unset. To resolve this, the function now only tries to take the lock in NMI context and gives up if it's unsuccessful, thus avoiding deadlock. The documentation has been updated to reflect this change. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the interaction between wait for device probe() and deferred probe timeout. The issue caused mounting NFS rootfs to time out when deferred probe timeout was non-zero. This was due to ip auto config() initcall timing out while waiting for network interfaces to appear. Although a commit tried to fix this by making wait for device probe() wait for deferred probe timeout to expire, it introduced a deadlock or blocked kernel init() from continuing until the timeout expired. The changes to wait for device probe() were reverted to resolve the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.98.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a crafted petite packed file. **Recommendations** For versions prior to 0.98.7, update to version 0.98.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.98.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in an infinite loop, by using a crafted y0da cryptor file. **Recommendations** For versions prior to 0.98.7, update to version 0.98.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.98.7 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by using a crafted file. This is related to the upx decoder in the software. **Recommendations** For versions prior to 0.98.7, update to version 0.98.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** ClamAV versions prior to 0.98.6 **Description** The issue allows remote attackers to have an unspecified impact by utilizing a crafted upack packer file. This is related to a heap out of bounds condition, which could potentially lead to memory corruption or other security issues. **Recommendations** For versions prior to 0.98.6, update to version 0.98.6 or later to resolve the issue.