Vlad Poenaru

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the bpf (Berkeley Packet Filter) module. The issue arises due to the non-8-byte aligned storage of percpu pointers in the htab elem set ptr() function. This causes the kmemleak detector to fail to identify the memory leak, resulting in an unreferenced object. The problem can be reproduced using the bpf selftest by enabling the CONFIG DEBUG KMEMLEAK config, adding a getchar() before skel destroy in test hash map(), and running the test progs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel's hrtimers infrastructure allows wakeups to be performed by an outgoing CPU after the CPUHP AP HRTIMERS DYING stage, potentially resulting in bandwidth timers being armed on an offline CPU. This issue affects not only RCU but also other components, such as the stop machine kthread, which can report its completion and perform a wake up that arms the deadline server timer. The problem is resolved by migrating away timers to an online target whenever they are enqueued from an offline CPU. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.