Wu Bo

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 4.18.0.x86 64 #46 and #47 **Description** The vulnerability in the Linux kernel is related to a use-after-free (UAF) issue when uninstalling the ipmi si and ipmi msghandler modules. This can cause the system to crash. The issue arises from the sequence of events involving the removal of these modules, specifically through the functions ipmi unregister smi(), ipmi bmc unregister(), and the scheduling of work for the removal of the BMC device. The vulnerability can potentially be exploited to elevate privileges in the system. **Recommendations** To resolve this issue, ensure that your Linux kernel is updated to a version that includes the fix for this vulnerability. Specifically, for versions 4.18.0.x86 64 #46 and #47, update to a newer version of the Linux kernel where this issue has been addressed. If you are using a version prior to the fixed version, consider temporarily disabling the use of the ipmi si and ipmi msghandler modules until an update can be applied.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the nvme-loop component. The issue occurs when creating a loop controller in the `nvme loop create ctrl()` function. If the `nvme init ctrl()` function fails, the loop controller should be freed before proceeding to the "out" label to prevent a memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.