Yunseong Kim

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition exists between SMB request handling in `ksmbd conn handler loop()` and the freeing of `ksmbd conn` in the workqueue handler `handle ksmbd work()`. This leads to a use-after-free (UAF) issue. The race condition arises when `ksmbd conn handler loop()` waits for `conn->r count` to reach zero, while `handle ksmbd work()` decrements `conn->r count` and potentially frees `conn` when it reaches zero. However, after freeing `conn`, `handle ksmbd work()` may still access `conn->r count q`, resulting in a UAF. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the handling of VM FAULT HWPOISON in the do exception() function. Since there is no support for HWPOISON, MEMORY FAILURE, or ARCH HAS COPY MC on s390, VM FAULT HWPOISON is not expected in do exception(). However, due to a commit that made PTE MARKER SWAPIN ERROR more general, it is possible to see VM FAULT HWPOISON in combination with PTE MARKER POISONED. To fix this, VM FAULT HWPOISON is treated the same as VM FAULT SIGBUS, similar to x86 when MEMORY FAILURE is not configured. Unexpected fault flags are also printed for easier debugging. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the functions `crst table free()` and `base crst free()` in the Linux kernel's memory management subsystem on the s390 platform. The problem arises from the potential dereference of a null pointer. In real-life scenarios, this should not occur because order two GFP KERNEL allocations will not fail unless FAIL PAGE ALLOC is enabled and used. The vulnerability could allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.