Wei Fang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability has been resolved in the Linux kernel where the ENETC PF and VF drivers share a function to configure MQPRIO, but only PF can configure preemptible TCs. This is because only PF has related registers, while VF does not. As a result, VF will access an invalid pointer when trying to access a non-existent register, causing a crash issue. Some PFs, such as eno1 and eno3 on LS1028A, also do not support configuring preemptible TCs and should be prevented from accessing these unimplemented registers. **Recommendations** To resolve the issue, update to a version of the Linux kernel that includes the fix, such as version 6.6.74 or later. Additionally, consider disabling the `enetc setup tc mqprio()` function for VF drivers until a patch is available. Restrict access to the `enetc change preemptible tcs()` function for PF drivers that do not support configuring preemptible TCs, such as eno1 and eno3 on LS1028A.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, related to the allocation of vf state during PF probes. In the previous implementation, vf state is allocated memory only when VF is enabled. However, `net device ops::ndo set vf mac()` may be called before VF is enabled to configure the MAC address of VF. If this is the case, `enetc pf set vf mac()` will access `vf state`, resulting in access to a null pointer. This issue can be triggered by setting the MAC address of VF using the `ip link set` command, such as `ip link set eno0 vf 1 mac 00:0c:e7:66:77:89`. The error log shows a NULL pointer dereference at virtual address 0000000000000004. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A deadlock issue was found in the sungem driver, which is caused by netpoll being in atomic context and `disable irq()` being called by the `.ndo poll controller` interface of the sungem driver. The `disable irq()` function might sleep, leading to a deadlock. The same issue is present in the fec driver, but since it uses NAPI for TX completions, the `.ndo poll controller` is unnecessary and can be safely removed. The root cause of the issue is related to the `netpoll` and `disable irq()` functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.11 Description: The issue allows local users to cause a denial of service due to an integer overflow and loop. This can be achieved through crafted use of the open and fallocate system calls with an FS IOC FIEMAP ioctl, specifically exploiting the ` get data block` function in fs/f2fs/data.c. Recommendations: For Linux kernel versions prior to 4.11, update to version 4.11 or later to resolve the issue.