Takashi Iwai

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A crash issue has been identified in the Linux kernel related to the synaptics input driver. When enabling a pass-through port, an interrupt may occur before the psmouse driver binds to the port. The synaptics sub-driver attempts to access the psmouse instance associated with the pass-through port, which may cause a crash if the psmouse instance has not been attached to the port yet. This issue is resolved by introducing open and close methods for the port and checking if the port is open before accessing the psmouse instance. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, specifically in the parport component, related to an array out-of-bounds access. The issue arose from replacing `sprintf()` calls with `snprintf()`, which returns the would-be-printed size, not the actual output size, potentially leading to length calculations exceeding the given limit. To address this, `scnprintf()` is used instead, as it returns the actual output letters. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a deadlock in the ALSA component of the Linux kernel, specifically in the `snd card disconnect()` function. This occurs when a process waits for power up at `snd power ref and wait()` in `snd ctl info()` or read/write() inside `card->controls rwsem`, and the system gets disconnected meanwhile, causing the driver to try to delete a kctl via `snd ctl remove*()`. The fix involves waking up sleepers before processing the driver disconnect callbacks but right after setting the `card->shutdown` flag. This change allows the code to flow again without deadlocks. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free bug in the ALSA subsystem of the Linux kernel. This bug occurs when the `snd pcm substream` is closing, and the `aica channel` is deallocated but can still be dereferenced in the worker thread. The reason for this is that `del timer()` returns directly, regardless of whether the timer handler is running or not, and the worker could be rescheduled in the timer handler. To mitigate this bug, the `mod timer()` function should be called conditionally in `run spu dma()`, and a PCM sync stop operation should be implemented to cancel both the timer and worker. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the ALSA hda component of the Linux kernel, where unsetting the preset in `snd hda codec cleanup for unbind()` interferes with the module unload and load scenario, causing a null pointer dereference. This occurs because the `snd hda codec device new()` function expects a valid pointer to an instance of `struct snd card`, which can only be met once sound card components probing commences. The `preset` is assigned only once during device/driver matching, and the ASoC codec driver's module reloading may occur several times throughout the lifetime of an audio stack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a lack of protection against concurrent changes to PCM buffer preallocation via proc files in the Linux kernel, potentially leading to use-after-free (UAF) issues or other problems. The problem arises from the absence of synchronization during proc write operations and PCM stream opens. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to the ipmi: ssif component in the Linux kernel. It causes a kernel crash when an error path is taken during the probe of ssif info->client. The issue arises because ssif info->client is dereferenced in the error path before some error checking has been done. To resolve this, ssif info->client should be initialized before any error path can be taken, and i2c client data should be cleared in the error path to prevent a dangling pointer from leaking. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.3 **Description** A null pointer dereference issue has been identified in the Linux kernel, specifically in the ALSA component. The problem arises when the function `free pages exact()` is called with a NULL address, which can lead to a system compromise. The issue is resolved by adding a proper NULL check to avoid possible errors. **Recommendations** As a temporary workaround, consider adding a NULL check before calling the `free pages exact()` function to prevent potential system compromise. Upgrade to a version of the Linux kernel that is 5.13.3 or later to fully resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.7 **Description** The issue is related to the snd timer user params function in the sound/core/timer.c file of the Linux kernel. This function does not properly initialize a certain data structure, allowing local users to obtain sensitive information from kernel stack memory. This can be achieved through crafted use of the ALSA timer interface. **Recommendations** For Linux kernel versions prior to 4.7, update to version 4.7 or later to resolve the issue.