Wei Yongjun

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the mac802154 component of the Linux kernel, specifically with errors in resource management in the `ieee802154 if add()` function. This can lead to a null pointer dereference, potentially causing a denial of service. The `cfg802154 netdev notifier call()` function manages a list when a device is registered or unregistered, which may result in a null pointer dereference if the list is not properly initialized. The `ieee802154 if add()` function allocates `wpan dev` as a net device's private data but does not initialize the list in the `struct wpan dev`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability has been resolved in the Linux kernel, specifically in the iio: health: afe4403 module. The issue is an out-of-bounds read in the `afe4403 read raw` function. The KASAN report indicates a global-out-of-bounds read at address ffffffffc02ac638. The call trace shows that the issue occurs in the `afe4403 read raw`, `iio read channel info`, and `dev attr show` functions. The array size of `afe4403 channel leds` is less than the number of channels, causing an out-of-bounds read when accessing `chan->address`. This issue can be reproduced by running the command `$ cat /sys/bus/spi/devices/spi0.0/iio:device0/in intensity6 raw`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the `afe4404 [read|write] raw` function. A KASAN report indicates a global-out-of-bounds read in `afe4404 read raw+0x2ce/0x380`. The bug is caused by accessing the `afe4404 channel leds` and `afe4404 channel offdacs` arrays with an index that is out of bounds, resulting in an out-of-bounds read. This issue can be reproduced by running the command `$ cat /sys/bus/i2c/devices/0-0058/iio:device0/in intensity6 raw`. The estimated number of potentially affected devices worldwide is not available. **Recommendations** To resolve the issue, the access to the `afe4404 channel leds` and `afe4404 channel offdacs` arrays should be moved before they are used. As a temporary workaround, consider restricting access to the vulnerable `afe4404 [read|write] raw` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** linux-image-2.6.26-1-parisc-smp version 2.6.26-1 linux-image-2.6.26-1-486 version 2.6.26-1 linux-image-2.6.26-1-alpha-smp version 2.6.26-1 linux-headers-2.6.26-1-486 version 2.6.26-1 linux-image-2.6.26-1-iop32x version 2.6.26-1 linux-headers-2.6.26-1-common-vserver version 2.6.26-1 linux-headers-2.6.26-1-s390x version 2.6.26-1 linux-headers-2.6.26-1-all version 2.6.26-1 linux-headers-2.6.26-1-sparc64-smp version 2.6.26-1 linux-headers-2.6.26-1-alpha-smp version 2.6.26-1 linux-image-2.6.26-1-vserver-powerpc version 2.6.26-1 linux-headers-2.6.26-1-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-r5k-cobalt version 2.6.26-1 linux-image-2.6.26-1-xen-amd64 version 2.6.26-1 linux-image-2.6.26-1-r5k-ip32 version 2.6.26-1 linux-image-2.6.26-1-5kc-malta version 2.6.26-1 linux-headers-2.6.26-1-parisc64-smp version 2.6.26-1 linux-image-2.6.26-1-vserver-686 version 2.6.26-1 linux-image-2.6.26-1-mckinley version 2.6.26-1 linux-image-2.6.26-1-vserver-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-ia64 version 2.6.26-1 linux-headers-2.6.26-1-all-powerpc version 2.6.26-1 linux-headers-2.6.26-1-all-i386 version 2.6.26-1 linux-image-2.6.26-1-sparc64-smp version 2.6.26-1 linux-image-2.6.26-1-versatile version 2.6.26-1 linux-image-2.6.26-1-vserver-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-vserver-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-hppa version 2.6.26-1 linux-image-2.6.26-1-parisc64-smp version 2.6.26-1 linux-headers-2.6.26-1-all-arm version 2.6.26-1 linux-image-2.6.26-1-s390-tape version 2.6.26-1 linux-headers-2.6.26-1-vserver-amd64 version 2.6.26-1 linux-image-2.6.26-1-amd64 version 2.6.26-1 linux-headers-2.6.26-1-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-mipsel version 2.6.26-1 linux-headers-2.6.26-1-xen-amd64 version 2.6.26-1 linux-headers-2.6.26-1-4kc-malta version 2.6.26-1 linux-headers-2.6.26-1-amd64 version 2.6.26-1 linux-headers-2.6.26-1-vserver-s390x version 2.6.26-1 linux-headers-2.6.26-1-parisc-smp version 2.6.26-1 linux-headers-2.6.26-1-footbridge version 2.6.26-1 linux-headers-2.6.26-1-iop32x version 2.6.26-1 linux-image-2.6.26-1-686 version 2.6.26-1 linux-support-2.6.26-1 version 2.6.26-1 linux-headers-2.6.26-1-xen-686 version 2.6.26-1 linux-image-2.6.26-1-powerpc-smp version 2.6.26-1 linux-headers-2.6.26-1-all-amd64 version 2.6.26-1 linux-headers-2.6.26-1-parisc version 2.6.26-1 linux-modules-2.6.26-1-xen-amd64 version 2.6.26-1 linux-image-2.6.26-1-sb1a-bcm91480b version 2.6.26-1 linux-image-2.6.26-1-r5k-cobalt version 2.6.26-1 linux-headers-2.6.26-1-common-openvz version 2.6.26-1 linux-headers-2.6.26-1-vserver-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-openvz-amd64 version 2.6.26-1 linux-image-2.6.26-1-alpha-legacy version 2.6.26-1 linux-image-2.6.26-1-openvz-686 version 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc version 2.6.26-1 linux-headers-2.6.26-1-s390 version 2.6.26-1 linux-image-2.6.26-1-vserver-s390x version 2.6.26-1 linux-image-2.6.26-1-xen-686 version 2.6.26-1 linux-headers-2.6.26-1-versatile version 2.6.26-1 linux-headers-2.6.26-1-vserver-powerpc64 version 2.6.26-1 linux-headers-2.6.26-1-common version 2.6.26-1 linux-image-2.6.26-1-footbridge version 2.6.26-1 linux-image-2.6.26-1-parisc64 version 2.6.26-1 linux-headers-2.6.26-1-alpha-legacy version 2.6.26-1 linux-image-2.6.26-1-686-bigmem version 2.6.26-1 linux-headers-2.6.26-1-all-alpha version 2.6.26-1 linux-headers-2.6.26-1-all-armel version 2.6.26-1 linux-headers-2.6.26-1-r4k-ip22 version 2.6.26-1 linux-headers-2.6.26-1-sb1a-bcm91480b version 2.6.26-1 linux-headers-2.6.26-1-common-xen version 2.6.26-1 linux-image-2.6.26-1-s390x version 2.6.26-1 linux-headers-2.6.26-1-mckinley version 2.6.26-1 linux-image-2.6.26-1-parisc version 2.6.26-1 linux-headers-2.6.26-1-orion5x version 2.6.26-1 linux-headers-2.6.26-1-openvz-686 version 2.6.26-1 linux-headers-2.6.26-1-vserver-686 version 2.6.26-1 linux-image-2.6.26-1-sparc64 version 2.6.26-1 linux-headers-2.6.26-1-powerpc64 version 2.6.26-1 linux-image-2.6.26-1-itanium version 2.6.26-1 linux-image-2.6.26-1-orion5x version 2.6.26-1 linux-headers-2.6.26-1-ixp4xx version 2.6.26-1 linux-headers-2.6.26-1-all-sparc version 2.6.26-1 linux-image-2.6.26-1-openvz-amd64 version 2.6.26-1 linux-image-2.6.26-1-ixp4xx version 2.6.26-1 linux-headers-2.6.26-1-all-s390 version 2.6.26-1 linux-headers-2.6.26-1-powerpc-smp version 2.6.26-1 linux-headers-2.6.26-1-parisc64 version 2.6.26-1 linux-headers-2.6.26-1-5kc-malta version 2.6.26-1 linux-image-2.6.26-1-powerpc64 version 2.6.26-1 linux-modules-2.6.26-1-xen-686 version 2.6.26-1 linux-headers-2.6.26-1-sb1-bcm91250a version 2.6.26-1 linux-image-2.6.26-1-4kc-malta version 2.6.26-1 linux-headers-2.6.26-1-686 version 2.6.26-1 linux-image-2.6.26-1-s390 version 2.6.26-1 linux-headers-2.6.26-1-all-mips version 2.6.26-1 **Description** The issue is related to multiple vulnerabilities in the Linux kernel, specifically in the Stream Control Transmission Protocol (SCTP) implementation. These vulnerabilities can be exploited remotely, potentially leading to a disruption of confidentiality, integrity, and availability of protected information. The exploitation can be carried out via an FWD-TSN chunk with a large stream ID, which may cause a buffer overflow in the net/sctp/sm statefuns.c file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.