Sili Luo

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.5.0-rc5 **Description** The vulnerability is a use-after-free (UAF) bug in the j1939 sk match filter function during setsockopt(SO J1939 FILTER) calls. This occurs when the setsockopt call modifies the jsk->filters while receiving packets, and the jsk->sk is not properly locked to prevent the UAF. The bug can be triggered by a slab-use-after-free in j1939 sk recv match one, which can lead to a read of size 4 at an invalid address. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, versions 6.5.0-rc5 and later should be used. For versions prior to 6.5.0-rc5, consider applying the patch that fixes the UAF bug in j1939 sk match filter. As a temporary workaround, consider disabling the j1939 sk match filter function until a patch is available. However, this may have performance implications and should be carefully evaluated before implementation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a race condition in the NFC component of the Linux kernel, specifically in the `nfc llcp sock get()` and `nfc llcp sock get sn()` functions. This can lead to a Use After Free (UAF) condition, potentially allowing an attacker to execute arbitrary code with elevated privileges. The problem occurs when getting a reference on the socket found in a lookup while holding a lock, which should happen before releasing the lock. The `nfc llcp recv snl()` function also needs to ensure that the socket found by `nfc llcp sock from sn()` does not disappear. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the mctp component in the Linux kernel, where route lookups are performed without proper read-side critical section locks, leading to potential preemption and parallel kfree issues. This could result in a use-after-free (UAF) condition when introducing a delay in the route lookup during simultaneous sendmsg and route deletion. The `mctp route lookup` and `mctp route lookup null` functions are affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.