Zhengchao Shao

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. A race condition can be exploited to cause a timer be mistakenly registered on a RCU read locked object which is freed by another thread. **Recommendations** Upgrade past commit e2b706c691905fe78468c361aaabc719d0a496f1 to resolve the issue. As a temporary workaround, consider disabling the vulnerable igmp component until a patch is available. Restrict access to the vulnerable module to minimize the risk of exploitation. Avoid using the vulnerable function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue has been identified in the Linux kernel, specifically in the `sja1105 setup devlink regions()` function. When `dsa devlink region create` fails, `priv->regions` is not released, leading to a memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to the function `l2cap conn del()` in the file `net/bluetooth/l2cap core.c` of the Linux Kernel's Bluetooth component. It involves the use of memory after it has been freed, which can be exploited by a remote attacker to execute arbitrary code. The manipulation leads to a use-after-free condition. **Recommendations** To fix this issue, it is recommended to apply a patch. At the moment, there is no information about a newer version that contains a fix for this vulnerability.