Tiwei Bie

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.0-rc6-g59b723cd2adb **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the use of drvdata in release, which is not available. This can cause a crash when removing a vector device. The crash occurs due to a segfault with no mm, resulting in a kernel panic. Technical details about the crash include a RIP of 0033:vector device release+0xf/0x50 and a stack trace that involves several kernel functions, including `vector device release()`, `device release()`, and `kobject put()`. No information is provided about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. **Recommendations** For Linux kernel versions prior to 6.12.0-rc6-g59b723cd2adb, update to a version that includes the fix for this issue to prevent crashes when removing vector devices. As a temporary workaround, consider disabling the `vector device release()` function until a patch is available. However, since the provided information does not specify a clear fix or patch version, the best course of action is to wait for an official update that addresses this vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.0-rc6-g59b723cd2adb **Description** A vulnerability in the Linux kernel has been resolved. The issue is related to the use of drvdata in release, which is not available, causing a crash when removing a network device. The crash results in a kernel panic due to a segfault with no mm. The vulnerability is resolved by using container of() to get the uml net instance instead of drvdata. **Recommendations** For Linux kernel versions prior to 6.12.0-rc6-g59b723cd2adb, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the removal of network devices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fixed version **Description** The issue is related to the use of drvdata in release, which is not available, causing a crash when removing a ubd device. The crash results in a kernel panic with a segfault and no mm. The problem occurs because the drvdata is not accessible in release, and using container of() to get the ubd instance is recommended instead. **Recommendations** As a temporary workaround, consider disabling the `ubd device release()` function until a patch is available. Restrict access to the vulnerable `ubd remove()` function to minimize the risk of exploitation. Avoid using the `drvdata` variable in the affected `ubd device release()` function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.