Steven Price

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where calling the madvise IOCTL twice on a Buffer Object (BO) causes memory shrinker list corruption, leading to kernel crashes. This occurs because the BO is added to the list again while it is already present, instead of being removed before re-addition. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `fixup guest exit` function in the arm64 subsystem of the Linux kernel's KVM component. It occurs when an SError is synchronized, and the `vcpu->arch.fault.esr el2` value is updated from the hardware register. If an IRQ synchronizes an SError, the `vcpu`'s `esr` value becomes stale. This can cause KVM to corrupt the `ELR EL2` register, leading to an unrelated guest instruction being executed twice. The problem arises when the previous non-IRQ exception was an HVC, and KVM attempts to process the SError first and re-execute the HVC if the guest survives the SError. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue exists in the Linux kernel, specifically in the drm/panfrost component. This occurs because a job structure references `panfrost priv` to access the MMU context, even after `panfrost priv` has been freed. This can lead to a crash. The issue arises from the job structure holding a reference to `panfrost priv` instead of the MMU structure itself. **Recommendations** To resolve this issue, update the job structure to directly reference the MMU structure instead of `panfrost priv`. This involves dropping the reference to `panfrost priv` in the job structure and adding a direct reference to the MMU structure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the ` drm universal plane init()` function, where a check for `format count > 64` is performed. If this condition is met, it can lead to a leak of the `plane->format types` array and a failure to call `drm mode object unregister()`, resulting in a leak of the modeset identifier. The fix involves moving the range check to the start of the function to prevent resource allocation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.