Viresh Kumar

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where a driver calling `dev pm opp find bw ceil` or `dev pm opp find bw floor` to retrieve bandwidth from the OPP table can cause a kernel crash if the bandwidth table was not created due to missing interconnect properties in the OPP consumer node. The crash occurs with a NULL pointer dereference error. The call trace includes functions such as ` read bw`, ` opp table find key`, and `dev pm opp find bw ceil`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the arch topology component of the Linux kernel. The `topology scale freq tick()` function, which is called from `scheduler tick()`, may use a pointer to `struct scale freq data` that was previously cleared by `topology clear scale freq source()`. To resolve this, the RCU update mechanism is used to guarantee race-free updates. The `synchronize rcu()` function ensures that all RCU critical sections started before it is called will finish before it returns, allowing the callers of `topology clear scale freq source()` to free related resources without worrying about their callback being called again. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential memory leak in the cppc cpufreq cpu init component of the Linux kernel. This memory leak occurs when resources are allocated but not freed in case of a failure. The vulnerability can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.