Marcin Kościelnicki

**Name of the Vulnerable Software and Affected Versions** GNU C Library versions prior to 2.31 **Description** The issue is related to the incorrect handling of the `LD PREFER MAP 32BIT EXEC` environment variable, which allows local attackers to restrict the possible mapping addresses for loaded libraries. This can lead to bypassing Address Space Layout Randomization (ASLR) for a setuid program, potentially giving attackers access to confidential data. **Recommendations** For versions prior to 2.31, update to version 2.31 or later to resolve the issue. As a temporary workaround, consider disabling the use of the `LD PREFER MAP 32BIT EXEC` environment variable until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.5 on s390 platforms **Description** The fork implementation in the Linux kernel mishandles the case of four page-table levels, allowing local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted application. This issue is related to arch/s390/include/asm/mmu context.h and arch/s390/include/asm/pgalloc.h. **Recommendations** For Linux kernel versions prior to 4.5 on s390 platforms, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted applications that could exploit this issue until a patch is available.

**Name of the Vulnerable Software and Affected Versions** NVIDIA graphics driver versions 304 through 331 nvidia-drivers versions prior to 331.20 **Description** The issue affects NVIDIA graphics drivers and has an unknown impact and attack vectors. It is related to multiple vulnerabilities in the nvidia-drivers package that can lead to violations of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be done remotely. **Recommendations** For NVIDIA graphics driver versions 304 through 331, update to a version newer than 331. For nvidia-drivers versions prior to 331.20, update to version 331.20 or newer.

**Name of the Vulnerable Software and Affected Versions** NVIDIA graphics driver versions 304 through 331 nvidia-drivers versions prior to 331.20 **Description** The issue allows local users to bypass intended access restrictions for the GPU and gain privileges. Additionally, multiple vulnerabilities in the nvidia-drivers package can lead to disruption of confidentiality, integrity, and availability of protected information, and can be exploited remotely. **Recommendations** For NVIDIA graphics driver versions 304 through 331, update to a version newer than 331. For nvidia-drivers versions prior to 331.20, update to version 331.20 or newer.