Wang Hai

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue has been identified in the Linux kernel, specifically in the `ufx usb probe()` function. This issue occurs when `fb alloc cmap()` fails, leading to a call to `fb destroy modelist()` before the modelist has been initialized, resulting in a null pointer dereference. The error handling path in `ufx usb probe()` is the source of the problem. **Recommendations** To resolve this issue, initialize the modelist before calling `fb alloc cmap()` in the `ufx usb probe()` function. This can be achieved by reordering the initialization and allocation calls to ensure that modelist is properly set up before attempting to allocate resources.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A null-ptr-deref issue was reported by KASAN in the Linux kernel, specifically in the `target alloc device()` function. This issue occurs when memory allocation for device queues fails, and the device is freed by `dev->transport->free device()`, but `dev->transport` is not initialized at that time, leading to a null pointer reference problem. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the `target alloc device()` function until a patch is available. Restrict access to the vulnerable `target core mod` module to minimize the risk of exploitation. Avoid using the `dev->transport->free device()` function in the affected code path until the issue is resolved.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A memory leak issue was found in the Linux kernel's net/sun3 82586 module, specifically in the `sun3 82586 send packet()` function. This function returns `NETDEV TX OK` without freeing the `skb` in case of `skb->len` being too long. To fix this, `dev kfree skb()` was added. Recommendations: For versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the `sun3 82586 send packet()` function until a patch is available.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A potential memory leak in the `bcm sysport xmit()` function has been resolved. The issue occurred when `bcm sysport xmit()` returned `NETDEV TX OK` without freeing `skb` in case of `dma map single()` failure. To fix this, `dev kfree skb()` was added. Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider disabling the `bcm sysport xmit()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.2.3 **Description** An issue was discovered in lib/kobject.c in the Linux kernel. With root access, an attacker can trigger a race condition that results in a `fill kobj path()` out-of-bounds write. This can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For Linux kernel versions prior to 6.2.3, update to version 6.2.3 or later to resolve the issue. As a temporary workaround, consider restricting root access to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential socket leak issue has been identified in the Linux kernel, specifically in the `p9 socket open` function within the `net/9p` module. The issue arises when `p9 fd create tcp()` and `p9 fd create unix()` call `p9 socket open()` and the creation of `p9 trans fd` fails, leading to an error being returned directly without releasing the socket, thus causing a socket leak. The problem is resolved by adding `sock release()` to address the leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible use after free in the `e100 xmit prepare()` function. If the function cannot map the `skb`, it returns `-ENOMEM`, causing `e100 xmit frame()` to return `NETDEV TX BUSY` and the upper layer to resend the `skb`. However, the `skb` is already freed, leading to a use after free bug when the upper layer resends the `skb`. The problem is resolved by removing the harmful free. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the wireguard socket implementation. The problem occurs when the `send6` function is used without freeing the socket buffer (`skb`) when IPv6 is disabled. This results in an unreferenced object and a memory leak. The issue is related to the `wg socket send buffer to peer` and `wg packet send handshake initiation` functions. A patch has been added to fix this bug by including the necessary `kfree skb` call when IPv6 is disabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.