Zhang Wensheng

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A deadlock issue in the Linux kernel has been identified in the ` device attach` function. The problem arises when the `async schedule dev` function is called within the `device lock`, leading to a potential A-A deadlock. This occurs because ` device attach async helper` also attempts to acquire the `dev` lock, causing a deadlock when memory is low or the work limit is reached. The issue is resolved by moving the `async schedule dev` call outside the `device lock`, allowing for concurrent operations without changing the code logic. **Recommendations** To resolve the issue, apply the patch that moves the `async schedule dev` call outside the `device lock` in the ` device attach` function. This change prevents the deadlock by allowing concurrent operations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.10.0-10295-g576c6382529e **Description** A use-after-free issue has been identified in the Linux kernel, specifically in the `bfq dispatch request` function. This issue can be triggered during normal scsi-mq testing, as reported by KASAN. The problem arises when a request is dispatched after its associated memory has been freed, leading to a potential crash or other unintended behavior. The estimated number of potentially affected devices worldwide is not provided. **Recommendations** To resolve this issue, update to a version of the Linux kernel that includes the fix for the `bfq dispatch request` use-after-free bug. As a temporary workaround, consider disabling the `bfq dispatch request` function until a patch is available. However, this may impact the performance and functionality of the system. At the moment, there is no information about a newer version that contains a fix for this vulnerability.