Wang Yufen

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the bpf and sockmap components. The issue occurs when the `tcp bpf sendmsg()` function is running while the socket message buffer is full, and the `sk msg alloc()` function returns an -ENOMEM error. This can cause a memory leak if partial memory has been allocated. The issue is resolved by using the `sk msg trim()` function to release the allocated memory. Other call paths, such as `tls sw sendmsg()`, may also be affected. The issue can cause warning messages to be printed to the system log, including warnings about CPU and PID errors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, related to the bpf and sockmap components. The issue arises when the `tcp bpf send verdict()` function is called, and the `msg` has more data after `tcp bpf sendmsg redir()`. This can cause the `msg->sg.size` to be uncharged twice, leading to potential problems. The vulnerability can result in warnings, such as `WARNING: CPU: 0 PID: 9860 at net/core/stream.c:208 sk stream kill queues+0xd4/0x1a0` and `WARNING: CPU: 0 PID: 2136 at net/ipv4/af inet.c:155 inet sock destruct+0x13c/0x260`, and may cause issues with socket destruction and TCP closure. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the bpf and sockmap components. The problem occurs when the `tcp bpf sendmsg` function is running during a tear-down operation, potentially causing data to be enqueued on the ingress message queue while the tear-down process attempts to free it. This can lead to memory leaks and warnings, such as `WARNING: CPU: 0 PID: 9202 at net/core/stream.c:205 sk stream kill queues+0xc8/0xe0` and `WARNING: CPU: 0 PID: 531 at net/ipv4/af inet.c:154 inet sock destruct+0x175/0x1b0`. The issue involves functions like `tcp bpf sendmsg()`, `tcp bpf send verdict()`, `bpf tcp ingress()`, and `sk psock queue msg()`, as well as variables such as `psock` and `SK PSOCK TX ENABLED`. To fix the issue, `sk msg free()` and `kfree()` are used. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A refcount leak has been resolved in the Linux kernel, specifically in the rockchip gpiolib register() function. The issue occurred because the node returned by of get parent() had its refcount incremented, but of node put() was not called when it was finished being used. To fix this, of node put() has been added to the end of of pinctrl get(). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A signed integer overflow issue has been identified in the Linux kernel, specifically in the ipv6 component, related to the l2tp ip6 sendmsg function. This occurs when the length (len) is greater than or equal to INT MAX - transhdrlen, causing an overflow when calculating ulen = len + transhdrlen. The issue is resolved by subtracting transhdrlen from the maximum value, similar to the approach used in udpv6. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been identified, related to the bpf and sockmap components. The issue occurs when the `tcp bpf sendmsg()` function is running during a tear-down operation, potentially causing the `psock` to be freed. This can lead to a double uncharge of the memory of `sk msg`, resulting in an error. The functions `tcp bpf send verdict()`, `sk msg return()`, and `tcp bpf sendmsg redir()` are involved in this process. If `psock` is null, returning an error code can trigger `sk msg free nocharge` in the error path of ` SK REDIRECT`, affecting user-space behavior. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.