Aaro Koskinen

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.34 **Description** A vulnerability exists in the Linux kernel where accessing the /sys/devices/system/clocksource/clocksource0/current clocksource endpoint on non-GENERIC TIME systems (GENERIC TIME=n) results in an OOPS. **Recommendations** For Linux kernel versions prior to 2.6.34, update to version 2.6.34 or later to resolve the issue. As a temporary workaround, consider restricting access to the /sys/devices/system/clocksource/clocksource0/current clocksource endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.