Xingyuan Mo

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue was found in the `ath10k wmi tlv op pull mgmt tx compl ev()` function in the drivers/net/wireless/ath/ath10k/wmi-tlv.c module of the Linux kernel. This issue could be exploited to trigger a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.7-rc5 Linux kernel versions 5.6 through 5.10.203 Linux kernel versions 5.6 through 5.15.142 Linux kernel versions 5.6 through 6.1.67 Linux kernel versions 5.6 through 6.6.6 **Description** A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. The function `nft pipapo walk` did not skip inactive elements during set walk, which could lead to double deactivations of PIPAPO (Pile Packet Policies) elements, leading to use-after-free. This issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information and elevate their privileges in the system. **Recommendations** Upgrade past commit 317eb9685095678f2c9f5a8189de698c5354316a. For Linux kernel versions 5.10, upgrade to version 5.10.204 or later. For Linux kernel versions 5.15, upgrade to version 5.15.143 or later. For Linux kernel versions 6.1, upgrade to version 6.1.68 or later. For Linux kernel versions 6.6, upgrade to version 6.6.7 or later. As a temporary workaround, consider disabling the `nft pipapo walk` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null pointer dereference issue was found in the `nft dynset init()` function in `net/netfilter/nft dynset.c` in `nf tables` in the Linux kernel. This issue may allow a local attacker with `CAP NET ADMIN` user privilege to trigger a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference flaw in the nft inner.c functionality of netfilter in the Linux kernel. This flaw could allow a local user to crash the system or escalate their privileges on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 6.6.5 **Description** The issue is related to the `sec attest info` function in the Linux kernel, which allows an information leak to user space because `info->pad0` is not initialized. This can potentially allow an attacker to gain unauthorized access to protected information. **Recommendations** For Linux kernel versions through 6.6.5, consider updating to a version that includes the necessary fix for the `sec attest info` function to prevent information leaks. As a temporary workaround, consider restricting access to the `sec attest info` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.3 **Description** The issue is related to a use-after-free in the `iopt unmap iova range()` function in the `drivers/iommu/iommufd/io pagetable.c` module of the Linux kernel. This could allow an attacker to cause a denial of service by exploiting the use of previously freed memory. **Recommendations** For Linux kernel version 6.3, consider disabling the `iopt unmap iova range()` function as a temporary workaround until a patch is available. Restrict access to the `io pagetable.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.2.12 **Description** The issue is related to the use of memory after it has been freed in the set con2fb map() function in the Linux kernel. This can lead to a denial of service. The problem arises because an assignment occurs only for the first vc, causing the fbcon registered fb and fbcon display arrays to become desynchronized in fbcon mode deleted, as the con2fb map points to the old fb info. **Recommendations** For Linux kernel versions prior to 6.2.12, update to version 6.2.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the set con2fb map() function in the fbcon.c module until a patch is available.

**Name of the Vulnerable Software and Affected Versions** KVM (affected versions not specified) **Description** A flaw was found in KVM that could cause an information leak when calling the KVM GET DEBUGREGS ioctl on 32-bit systems. This issue is related to uninitialized portions of the kvm debugregs structure being copied to userspace. The vulnerability is associated with errors in initializing variables in the kvm vcpu ioctl x86 get debugregs() function of the KVM subsystem in the Linux kernel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A vulnerability was found due to a missing lock for the IOPOLL flaw in the `io cqring event overflow()` function in `io uring.c`. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat. The vulnerability is related to incorrect resource locking, which may also allow an attacker to elevate privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to a use-after-free flaw in the NFS filesystem in the Linux Kernel, specifically in the `nfsd4 ssc setup dul` function in `fs/nfsd/nfs4proc.c`. This flaw could allow a local attacker to crash the system or lead to a kernel information leak problem. The vulnerability is associated with the repeated use of previously freed memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the Linux kernel's NFS file system driver. This flaw allows a remote attacker to cause a denial of service. The vulnerability is specifically found in the ` nfs42 ssc open()` function in `fs/nfs/nfs4file.c`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.19.9 **Description** The issue is related to the `stex queuecommand lck()` function in the Linux kernel, which is associated with the disclosure of information in an error data area. This can allow an attacker to gain unauthorized access to protected information. The problem arises because `stex queuecommand lck` lacks a `memset` for the `PASSTHRU CMD` case, enabling local users to obtain sensitive information from kernel memory. **Recommendations** For Linux kernel versions through 5.19.9, consider updating to a version that includes a fix for this issue, as the current version allows local users to obtain sensitive information due to a missing `memset` in the `stex queuecommand lck` function for the `PASSTHRU CMD` case. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions 5.10.x through 5.10.154 **Description** The issue is related to a use-after-free in the `io sqpoll wait sq` function in `fs/io uring.c`, which allows an attacker to crash the kernel, resulting in denial of service. The `finish wait` function can be skipped. An attack can occur in some situations by forking a process and then quickly terminating it. **Recommendations** For Linux kernel versions 5.10.x through 5.10.154, update to a version after 5.10.155 to resolve the issue. As a temporary workaround, consider restricting the use of the `io sqpoll wait sq` function in `fs/io uring.c` to minimize the risk of exploitation. Avoid forking and quickly terminating processes to reduce the likelihood of an attack.