Zicheng Qu

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, related to the acct(2) system call. The issue allows for a NULL dereference in cases where the acct(2) system call is used to write to a file that triggers an internal lookup, such as pointing to /sys/power/resume. This occurs because the write to the file happens after the calling task has exited and called exit fs(), resulting in a NULL-deref when accessing current->fs. The code has been reorganized to perform the final write from the workqueue with the caller's credentials, preserving the permission model and minimizing regression risk. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A division by zero error can occur in the `ad7780 write raw()` function, which is based on `iio info's` write raw. The error happens because `val2` can be zero, leading to a division by zero in `DIV ROUND CLOSEST()`. Although `val` is explicitly declared to be possibly zero in read mode, `val2` is not specified as non-zero. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A division by zero issue has been identified in the Linux kernel, specifically in the ad7124 set channel odr() function. This occurs when the `val` parameter in the ad7124 write raw() function is zero, leading to a division by zero error when DIV ROUND CLOSEST() is called. The ad7124 write raw() function is invoked through a sequence of calls, including iio write channel raw(), iio write channel attribute(), and iio channel write(), without checks to ensure `val` is non-zero. Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider adding checks to ensure the `val` parameter is non-zero before invoking the ad7124 write raw() function. Restrict access to the vulnerable function ad7124 set channel odr() to minimize the risk of exploitation.