Tommi Rantala

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.3 **Description** The issue is related to the mm subsystem in the Linux kernel, which does not properly enforce the CONFIG STRICT DEVMEM protection mechanism. This allows local users to read or write to kernel memory locations in the first megabyte, bypassing slab-allocation access restrictions, by opening the /dev/mem file. The affected files are arch/x86/mm/init.c and drivers/char/mem.c. **Recommendations** For Linux kernel versions prior to 3.3, consider restricting access to the /dev/mem file as a temporary workaround until a patch is available. Additionally, review system configurations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.8 **Description** The issue is related to the ` skb recv datagram` function in the Linux kernel, which does not properly handle the `MSG PEEK` flag with zero-length data. This allows local users to cause a denial of service, resulting in an infinite loop and system hang, via a crafted application. **Recommendations** For Linux kernel versions prior to 3.8, update to version 3.8 or later to resolve the issue.