Michael Buesch

#17845 of 53,633
15 CVSS total
Vulnerabilities · 2
High
2
PT-2009-5204
7.8
2009-08-18
Linux · Linux Kernel · CVE-2009-2846
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.31-rc6

**Description** The issue allows local users to access restricted memory due to an out-of-bounds read in the `readb` function. This occurs because the `eisa_eeprom_read` function in the parisc isa-eeprom component does not properly check the `ppos` argument, assuming it is always positive. A negative `ppos` argument can bypass this check.

**Recommendations** For Linux kernel versions prior to 2.6.31-rc6, update to version 2.6.31-rc6 or later to resolve the issue.

PT-2009-4984
7.2
2009-07-23
Linux · Linux Kernel · CVE-2009-2584
**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.30.2 on ia64 and x86 platforms

**Description** The issue is related to an off-by-one error in the `options_write` function within the SGI GRU driver. This error can lead to a stack-based buffer overflow when a crafted count argument is provided, potentially allowing local users to overwrite arbitrary memory locations and gain privileges.

**Recommendations** For Linux kernel versions prior to 2.6.30.2 on ia64 and x86 platforms, consider upgrading to a version that addresses this issue to prevent potential exploitation. As a temporary workaround, restrict access to the SGI GRU driver to minimize the risk of exploitation.