Tomas Glozar

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.52 **Description** The vulnerability is related to the tracing/osnoise component in the Linux kernel. It occurs when the start kthread() and stop thread() code is not always called with the interface lock held, allowing the kthread variable to be unexpectedly changed. This can cause the kthread stop() function to be called on a user space thread, making it "exit" before it actually exits. The issue can lead to a general protection fault and a null pointer dereference. **Recommendations** To resolve the issue, update the Linux kernel to version 6.6.52 or later. If updating is not possible, consider temporarily disabling the tracing/osnoise component to minimize the risk of exploitation. However, this is not a recommended long-term solution, as it may affect system functionality. Note: At the moment, there is no other information about a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free bug in the Linux kernel's tracing/timerlat module. This bug occurs when a program using the timerlat tracer is killed via a SIGTERM, causing the threads to be shutdown one at a time. If another tracing instance starts up and resets the threads before they are fully closed, the hrtimer assigned to the kthread can be shutdown and freed twice, resulting in a use-after-free bug. The bug can be exploited to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.