Vincent Pelletier

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.3-1 **Description** The vulnerability is related to a refcount underflow in the `ffs data clear` function of the `usb f fs` module. When userland closes ep0 and then unmounts f fs, `ffs data clear` is indirectly called twice, causing `eventfd ctx put` to be called multiple times and resulting in a refcount underflow. This can lead to a use-after-free error. The issue is resolved by NULL-ifying `ffs eventfd` to prevent extraneous `eventfd ctx put` calls. **Recommendations** To resolve the issue, update the Linux kernel to version 5.15.3-1 or later. As a temporary workaround, consider disabling the `ffs data clear` function until a patch is available. However, this may have unintended consequences and should be used with caution. Note: The provided information does not specify the exact versions affected, but based on the data, it appears that versions prior to 5.15.3-1 are vulnerable.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 3.10.x through 4.18.x **Description** The issue is related to the chap server compute md5() function in the ISCSI target code of the Linux kernel, which incorrectly checks memory access boundaries, leading to a buffer overflow. This can be exploited by an unauthenticated remote attacker to cause a denial-of-service or potentially gain access to protected information. The attack requires the iSCSI target to be enabled on the victim host. Depending on the compiler, compile flags, and hardware architecture used to build the target's code, the attack may lead to a system crash or possibly unauthorized access to data exported by the iSCSI target. **Recommendations** For Linux kernel versions 3.10.x, consider disabling the iSCSI target until a patch is available. For Linux kernel versions 4.14.x, restrict access to the vulnerable chap server compute md5() function to minimize the risk of exploitation. For Linux kernel versions 4.18.x, avoid using the ISCSI target feature until the issue is resolved. As a temporary workaround, consider disabling the ISCSI target feature on all vulnerable versions until a patch is available.