Thadeu Lima De Souza Cascardo

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A slab use-after-free vulnerability has been identified in the Linux kernel. The issue arises from the altmode device release referring to its parent device without maintaining a reference to it. This can lead to errors when using CONFIG DEBUG KOBJECT RELEASE, resulting in slab use-after-free bugs. The vulnerability is related to the `typec altmode release` function and can cause issues with kobject release and parent devices. Recommendations: To resolve the issue, update the Linux kernel to version 6.6.61 or later. As a temporary workaround, consider disabling the `typec altmode release` function until a patch is available. Restrict access to the vulnerable `typec` module to minimize the risk of exploitation. Avoid using the `kobject release` function with the `parent` parameter until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the n gsm component of the Linux kernel and is associated with insufficient access control. An unprivileged user can attach N GSM0710 ldisc, but creating a GSM network requires CAP NET ADMIN. The vulnerability may allow an attacker to bypass existing security restrictions. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds access in the `net alloc generic()` function in the Linux kernel. This function is called by `net alloc()` without any locking, and it reads `max gen ptrs`, which is changed under `pernet ops rwsem`. The function reads `max gen ptrs` twice, first to allocate an array and then to set `s.len`, which is later used to limit the bounds of the array access. It is possible that the array is allocated and another thread is registering a new pernet ops, increments `max gen ptrs`, which is then used to set `s.len` with a larger than allocated length for the variable array. This could allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** To resolve the issue, read `max gen ptrs` only once in `net alloc generic()`. If `max gen ptrs` is later incremented, it will be caught in `net assign generic()`. As a temporary workaround, consider restricting access to the vulnerable `net alloc generic()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version containing the fix for the issue introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067 **Description** The issue is related to a double free in the ` sys socket file()` function, which can be exploited to cause a denial of service. The problem is associated with the io uring IORING OP SOCKET operation in the Linux kernel. **Recommendations** For Linux kernel versions prior to the fix, consider disabling the ` sys socket file()` function as a temporary workaround until a patch is available. Restrict access to the io uring IORING OP SOCKET operation to minimize the risk of exploitation. Update to a version of the Linux kernel that contains the fix for the issue introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free condition when executing from a non-leader thread, where armed POSIX CPU timers are left on a list but freed. This could potentially allow an attacker to crash the system or elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.