Tong Zhang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A bug in the Linux kernel can be triggered by loading and then removing the nd pmem module, causing objects to remain in the dax cache during shutdown. This issue is due to the dax fs exit() function not flushing inodes before destroying the cache. The problem can be reproduced with the command $ modprobe nd pmem && modprobe -r nd pmem, leading to a BUG dax cache message and a call trace indicating the error. **Recommendations** To fix this issue, call rcu barrier() before destroying the cache.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the `myrs detect()` function of the Linux kernel's `myrs` component. When `privdata->hw init()` fails with a non-zero value, `cs->disable intr` is NULL, leading to a crash when `myrs cleanup(cs)` is called. This results in a kernel crash due to a NULL pointer dereference. The error is indicated by messages such as "Unknown Initialization Error 5A" and "Failed to initialize Controller." The call trace includes functions like `myrs cleanup()`, `myrs probe.cold()`, and `local pci probe()`. The vulnerability can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** There is an issue with the ASPM (optional) capability checking function in the Linux kernel. A device might be attached to the root complex directly, resulting in a null pointer dereference. The `alcor pci init check aspm` function checks the PCI link's ASPM capability and populates `parent cap off`, which is used later by `alcor pci aspm ctrl` to dynamically turn on/off the device. To avoid this issue, the capability check can be skipped if the device is on the root complex, effectively disabling ASPM for the device. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.