Sergey Senozhatsky

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue is related to memory leakage in the zram device when it has multi-streams and is reset without freeing secondary algorithms names. This can be resolved by using kfree() to free the secondary algorithms names. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For Linux kernel versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider implementing a custom solution to free secondary algorithms names when resetting the zram device to prevent memory leakage.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, specifically in the ASoC: SOF: ipc3-topology component. The issue arises when the `sof get control data()` function is called with a non-bytes payload, leading to out-of-bounds access. This occurs because the function expects only bytes-type payloads, despite handling other control types. The payload parsing implementation is only valid for bytes, causing confusion. The vulnerability can be exploited by crafting a topology that triggers this out-of-bounds access. **Recommendations** To resolve this issue, the code needs to be updated to correctly handle non-bytes controls by counting them and storing the pointer to the data itself, along with its size. For non-bytes controls, the pointer to the `chanv` should be stored, which is an array of values at the end. Additionally, the incorrect check against `NULL` for `cdata->data` (wdata[i].pdata) should be dropped for bytes controls, as the data points to the end of the `cdata` struct and should never be null. At the moment, there is no information about a newer version that contains a fix for this vulnerability.