Tetsuo Handa

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when the uinput interface is exercised with a large number of slots, causing memory allocation failure in the `input mt init slots()` function. Although the allocation failure is handled properly and the request is rejected, it results in syzkaller reports and may put an undue burden on the system. The fix involves limiting the allowed number of slots to 100, which can be extended if devices that can track more than 100 contacts are encountered. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's BPF (Berkeley Packet Filter) subsystem, where a vulnerability in the `may update sockmap()` function allows for insufficient permission checks. This can lead to a locking rule violation when a BPF program attached to a tracepoint performs a `map delete` on a `sockmap/sockhash`. The vulnerability can be exploited to impact the integrity of protected information. The Linux kernel has resolved this issue by extending the existing verifier allowed-program-type check for updating `sockmap/sockhash` to also cover deleting from a map, allowing only BPF programs that were previously allowed to update `sockmap/sockhash` to delete from these map types. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability has been resolved in the Linux kernel related to the `call usermodehelper exec()` function. The issue was introduced by a commit that rewrote the core freezer logic, which broke the function for the KILLABLE case. Specifically, it was missed that the second, unconditional `wait for completion()` was not optional and ensures the on-stack completion is unused before going out-of-scope. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A problem has been found in the Linux Kernel, classified as problematic. The affected function is `nilfs bmap lookup at level` of the file `fs/nilfs2/inode.c` of the `nilfs2` component. The issue leads to a null pointer dereference. It is possible to launch the attack remotely, potentially allowing an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a memory leak in the `nf tables addchain()` function of the Linux kernel's `nf tables` component. This leak occurs when the `nft chain offload priority()` function returns an error, which started happening after a specific commit that mapped base chain priority to hardware priority. The memory leak can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the batman-adv component in the Linux kernel, where the soft/batadv interface for a queued OGM can be changed during the time the OGM was queued for transmission and when the OGM is actually transmitted by the worker. This can lead to incorrect warnings being printed using WARN ON, which should be used to denote kernel bugs, not simple warnings. A warning can simply be printed using pr warn. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.11.7 **Description** The issue is related to the implementation of the `usbip sockfd store` function in the Linux kernel, which allows attackers to cause a denial of service due to race conditions during an update of the local and shared status. This can lead to a general protection fault (GPF). The vulnerability is caused by the use of a shared resource with incorrect synchronization. **Recommendations** For Linux kernel versions prior to 5.11.7, update to version 5.11.7 or later to resolve the issue. As a temporary workaround, consider disabling the `usbip sockfd store` function in the `drivers/usb/usbip/stub dev.c` file until a patch is available. Restrict access to the vulnerable `stub dev.c` module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.11 **Description** The issue arises from an EXTPROC versus ICANON confusion in TIOCINQ, allowing local attackers who have access to pseudo terminals to hang or block further usage of any pseudo terminal devices. **Recommendations** For Linux kernel versions prior to 4.14.11, update to version 4.14.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5 **Description** The issue allows local users to cause a denial of service by creating many pipes with non-default sizes, resulting in memory consumption due to the lack of limitation on the amount of unread data in pipes. **Recommendations** For Linux kernel versions prior to 4.5, update to version 4.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.4.1 **Description** The issue allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af unix.c and net/unix/garbage.c. **Recommendations** For Linux kernel versions prior to 4.4.1, update to version 4.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.4 **Description** The issue allows local users to cause a denial of service, specifically memory consumption, by utilizing a crafted application. This is due to the request module function in kernel/kmod.c not setting a certain killable attribute. **Recommendations** For versions prior to 3.4, update to version 3.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.1 **Description** The issue allows local users to cause a denial of service, resulting in a system crash, via crafted use of the sendmmsg system call. This is due to an incorrect pointer dereference in the sys sendmsg function in net/socket.c. **Recommendations** For Linux kernel versions prior to 3.1, update to version 3.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the sendmmsg system call to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39.2 **Description** The issue is related to the `tomoyo mount acl` function in the Linux kernel, which calls the `kern path` function with arguments taken directly from a mount system call. This allows local users to cause a denial of service (OOPS) or possibly have unspecified other impact via a NULL value for the device name. **Recommendations** For Linux kernel versions prior to 2.6.39.2, update to version 2.6.39.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Debian GNU/Linux kernel-image versions 2.4.27-3-686 through 2.6.8-3-686 Debian GNU/Linux kernel-headers versions 2.4.27-3-686 through 2.6.8-3-686 Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-3-686 through 2.6.8-3-686 Debian GNU/Linux lm-sensors versions 2.4.27-3-686 through 2.4.27-3-686 SUSE Linux Enterprise k um (affected versions not specified) SUSE Linux Enterprise Intel-v92ham (affected versions not specified) Linux kernel versions prior to 2.6.14-rc5 **Description** The vulnerability allows local users to cause a denial of service (infinite loop and crash) in the Linux kernel. The issue is related to the udp v6 get port function in udp.c. The vulnerability can be exploited remotely. The affected software packages include kernel-image, kernel-headers, kernel-pcmcia-modules, and lm-sensors in Debian GNU/Linux, as well as k um and Intel-v92ham in SUSE Linux Enterprise. **Recommendations** For Debian GNU/Linux kernel-image versions 2.4.27-3-686 through 2.6.8-3-686, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-headers versions 2.4.27-3-686 through 2.6.8-3-686, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux kernel-pcmcia-modules versions 2.4.27-3-686 through 2.6.8-3-686, update to a newer version that contains a fix for this vulnerability. For Debian GNU/Linux lm-sensors versions 2.4.27-3-686 through 2.4.27-3-686, update to a newer version that contains a fix for this vulnerability. For SUSE Linux Enterprise k um and Intel-v92ham, update to a newer version that contains a fix for this vulnerability. For Linux kernel versions prior to 2.6.14-rc5, update to version 2.6.14-rc5 or later.