Gen Zhang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.1.5 **Description** An issue was discovered in the ip ra control function in the net/ipv4/ip sockglue.c component of the Linux kernel. This issue is related to errors in pointer dereferencing, which might allow an attacker to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. However, it is noted that this issue is disputed because the affected variable is never used if it is NULL. **Recommendations** For Linux kernel versions through 5.1.5, update to a version later than 5.1.5 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.1.5 **Description** The issue is related to the ip6 ra control function in the net/ipv6/ipv6 sockglue.c component of the Linux kernel, which is associated with errors in pointer dereferencing. Exploitation of this issue may allow an attacker to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. It is noted that the validity of this issue has been disputed. **Recommendations** For Linux kernel versions through 5.1.5, consider applying configuration changes or workarounds to minimize the risk of exploitation, such as restricting access to the ip6 ra control function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.1.5 **Description** An issue was discovered in the `drm load edid firmware` function in the Linux kernel, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash) due to an unchecked `kstrdup` of `fwstr`. The vendor disputes this issue as not being a vulnerability because `kstrdup()` returning NULL is handled sufficiently and there is no chance for a NULL pointer dereference. **Recommendations** For Linux kernel versions through 5.1.5, as a temporary workaround, consider disabling the `drm load edid firmware` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.1.6 **Description** An issue was discovered in the get vdev port node info function in arch/sparc/kernel/mdesc.c. There is an unchecked `kstrdup const` of `node info->vdev port.name`, which might allow an attacker to cause a denial of service, resulting in a NULL pointer dereference and system crash. **Recommendations** For Linux kernel versions through 5.1.6, update to a version later than 5.1.6 to resolve the issue. At the moment, there is no information about additional mitigation measures for this specific issue.