Ian Lance Taylor

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.4.2 **Description** The issue is related to the `fpregs state valid` function in the Linux kernel, which can be exploited by context-dependent attackers to cause a denial of service or possibly have other unspecified impacts due to incorrect caching. This is demonstrated by the mishandling of signal-based non-cooperative preemption in certain environments. The vulnerability may also allow an attacker to disclose protected information or cause a denial of service, as it is caused by a "race condition" situation. **Recommendations** For Linux kernel versions prior to 5.4.2, update to version 5.4.2 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glibc versions prior to 2.20 **Description** The issue arises from the send dg function in resolv/res send.c, which fails to properly reuse file descriptors. This allows remote attackers to send DNS queries to unintended locations by triggering a large number of requests that call the getaddrinfo function. **Recommendations** For versions prior to 2.20, update to version 2.20 or later to resolve the issue.