Yukuai

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use after free issue was found in the Linux kernel's BFQ IO scheduler. This occurs when a bio is associated with a cgroup that has already been offlined, leading to the insertion of a `bfq group` into a service tree. Once the last bio associated with this `bfq group` is completed, the `bfq group` is freed, causing issues for service tree users. The problem is resolved by ensuring that operations are only performed on online `bfq group` instances. If the associated `bfq group` is not online, the first online parent is selected instead. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been identified where the `bfq merge bio()` function can operate with stale cgroup information when a process is migrated to a different cgroup. This can lead to the bio being merged to a request from a different cgroup, or the merging of `bfqqs` for different cgroups, potentially causing use-after-free issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.