Zheyu Ma

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.20 **Description** A difficult to exploit vulnerability in Oracle VM VirtualBox allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For versions prior to 7.0.20, update to version 7.0.20 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null-pointer dereference issue has been resolved in the Linux kernel. The issue occurred because the driver did not check whether the client provided the platform data. Technical details about the issue include a null-pointer dereference in the kmemdup function, which is called by the lgdt3306a probe function. The vulnerability can be identified by a log message indicating a BUG: KASAN: null-ptr-deref in kmemdup+0x30/0x40. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.16 Description: The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle VM VirtualBox. Successful attacks can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Recommendations: To resolve the issue, update to version 7.0.16 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.22 **Description** The issue is related to errors in resource release due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a partial denial of service. The vulnerability can be easily exploited by a high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes, potentially resulting in unauthorized ability to cause a partial denial of service of Oracle VM VirtualBox. **Recommendations** For versions prior to 7.0.22, update to version 7.0.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** qemu (affected versions not specified) **Description** The issue is related to a buffer overflow in the lsi53c895a.c component of the QEMU hardware emulator. It may also involve a DMA-MMIO reentrancy problem, potentially leading to memory corruption bugs such as stack overflow or use-after-free. Exploitation of this issue could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** An out-of-bounds memory access flaw was found in the Linux kernel's Intel iSMT SMBus host controller driver. This issue arises when a user triggers the I2C SMBUS BLOCK DATA with malicious input data using the ioctl I2C SMBUS. The flaw allows a local user to crash the system. The vulnerability is related to the incorrect calculation of the buffer size in the `ismt access()` function when processing the I2C SMBUS BLOCK DATA block data record. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out of bounds memory access in the `smtcfb read()` function, which could allow an attacker to disclose protected information and cause a denial of service. Local attackers may be able to crash the kernel by exploiting this issue. The vulnerability is associated with the `drivers/video/fbdev/sm712fb.c` file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer overflow issue was found in the Linux kernel's Intel iSMT SMBus host controller driver, specifically in how it handles the I2C SMBUS BLOCK PROC CALL case via the `I2C SMBUS` ioctl with malicious input data. This could allow a local user to crash the system, potentially leading to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the RDMA/hfi1 component. The issue occurs when there is a failure during the probe of hfi1 before the sdma map lock is initialized, causing the hfi1 free devdata() function to attempt to use a lock that has not been initialized. This can lead to an INFO message and stack trace. The vulnerability is related to the use of the sdma map lock in the sdma clean() function, which is used for freeing the sdma map memory. The issue can be avoided by checking if sdma map is not NULL before attempting to use the lock. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A bug in the Linux kernel has been identified, specifically in the cx23885 driver. The issue arises when the driver fails to call the `dma set mask()` function, resulting in a use-after-free error. This error occurs because the driver initializes i2c-related resources in `cx23885 dev setup()` but fails to release them during error handling. The error is evident in the kernel log, showing a BUG: KASAN: use-after-free message. **Recommendations** To resolve this issue, modify the error path in the cx23885 driver to properly release i2c-related resources after failing to call `dma set mask()`. As a temporary workaround, consider disabling the `cx23885 initdev()` function until a patch is available. Restrict access to the vulnerable `cx23885` driver to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A null-pointer-dereference issue in the `slgt clean()` function of the synclink gt driver has been identified. This occurs when the driver fails at `alloc hdlcdev()` and the driver module is then removed, resulting in a general protection fault. The issue is caused by not checking if `info->netdev` is a null pointer before use. **Recommendations** For the affected Linux kernel version, check whether `info->netdev` is a null pointer before calling `detach hdlc protocol()` to prevent the null-pointer-dereference. As a temporary workaround, consider disabling the `slgt clean()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** The issue is related to the i740 driver in the Linux Kernel, where a Userspace program can pass any values to the driver through the ioctl() interface. The driver does not check the value of `pixclock`, which may cause a divide by zero error. This could potentially allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fix in commit 5f394102ee27dbf05la4e283390cd8d1759dacea **Description** The vulnerability is related to a null pointer dereference in the `com20020pci probe()` function during driver initialization. The issue arises because the `com20020pci id table` definition reveals that the `ci` field is empty for some devices, causing a null pointer dereference when initializing these devices. This can lead to a denial of service. The vulnerability affects all versions of the Linux kernel prior to the fix. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix, specifically to a version after the commit 5f394102ee27dbf05la4e283390cd8d1759dacea. As a temporary workaround, consider disabling the `com20020pci probe()` function until a patch is available. However, this may have implications for the functionality of the affected devices.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A crash issue has been identified in the Linux kernel, specifically in the sm712fb driver when writing to the framebuffer. The driver crashes when attempting to write three bytes, resulting in a page fault error. The issue is related to the `smtcfb write()` function and can be triggered through the `vfs write()` and `ksys write()` functions. The error is characterized by a BUG message indicating an inability to handle a page fault for a specific address, followed by a call trace. **Recommendations** To resolve this issue, the fix involves removing the open-coded endianness fixup code from the `smtcfb write()` function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to a double free issue in the `igbvf probe` function. When `register netdev` fails, the program goes to the `err hw init` label and then to the `err ioremap` label. In `free netdev`, there is a `list for each entry safe` and `netif napi del` which aims to delete all entries in `dev->napi list`. However, `adapter->rx ring` has been freed below the `err hw init` label, causing a use-after-free (UAF) issue. The KASAN logs indicate a use-after-free in `free netdev+0x1fd/0x450`. To patch the problem, one can refer to `igbvf remove` and delete the entry before `adapter->rx ring`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free (UAF) vulnerability in the Linux kernel, specifically in the `peak pci remove()` function. When the `peek pci` module is removed, referencing the `chan` variable again after releasing the `dev` variable can cause a UAF. The vulnerability is fixed by releasing the `dev` variable later. Technical details about the exploitation include the `peak pci remove()` function and the `chan` and `dev` variables. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The Linux kernel has a vulnerability where the driver can call the `card->isac.release()` function from an atomic context. This issue is fixed by calling the function after releasing the lock. The vulnerability is related to a sleeping function being called from an invalid context. Technical details about exploitation include: - The `card->isac.release()` function is called from an atomic context. - The `nj release()` function is involved in the call trace. - The issue is related to the `mISDN freedchannel()` and `isac release()` functions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.19.177-gdba4159c14ef-dirty #45 **Description** The vulnerability is related to the use of 'request firmware nowait' instead of 'request firmware' in the 'rp2 probe' function. This can cause a NULL pointer dereference or other bugs when an interrupt occurs and the interrupt handler function 'rp2 uart interrupt' accesses uninitialized ports of 'rp2 card'. The issue arises because the driver does some initialization work in 'rp2 fw cb', which is called through 'request firmware nowait', and if the firmware does not exist, the function returns without initializing the ports. To fix this, 'request firmware' should be used instead of 'request firmware nowait' to ensure the driver is ready to handle interrupts. **Recommendations** To resolve the issue, update the Linux kernel to a version that uses 'request firmware' instead of 'request firmware nowait' in the 'rp2 probe' function. As a temporary workaround, consider disabling the 'rp2 uart interrupt' function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.0-rc1-00144-g25a1298726e #13 **Description** A vulnerability in the Linux kernel has been resolved, specifically in the isdn: mISDN: netjet module. The issue arises when 'nj setup' in netjet.c fails with -EIO, causing 'card->irq' to be initialized with a value greater than zero. A subsequent call to 'nj release' will then attempt to free the irq that was not requested, leading to a crash. The KASAN log reveals this issue. The vulnerability is related to the use of the `free irq` function and the `nj release` function. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for this vulnerability. Specifically, the fix involves deleting the previous assignment to 'card->irq' and keeping only the assignment before 'request irq'. As a temporary workaround, consider disabling the `nj setup` function in netjet.c until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12-rc6 **Description** A flaw was found in the Nosy driver in the Linux kernel, allowing a device to be inserted twice into a doubly-linked list. This leads to a use-after-free when one of these devices is removed, posing a threat to confidentiality, integrity, and system availability. **Recommendations** For versions prior to 5.12-rc6, update to kernel version 5.12-rc6 or later to resolve the issue. As a temporary workaround, consider restricting access to the Nosy driver to minimize the risk of exploitation.