75Acol

**Name of the Vulnerable Software and Affected Versions** Linux Kernel (affected versions not specified) **Description** A use-after-free issue exists where a file descriptor can be closed while a thread is blocked in a `poll(2)` or `select(2)` call waiting for that descriptor. Since the blocked thread does not hold a reference to the underlying object, the object may be freed while the thread remains blocked. The kernel fails to unlink blocked threads from the per-object wait queue for certain file descriptor types before freeing the object. Consequently, when the blocked thread wakes up, it accesses memory that has already been freed. This can be triggered by an unprivileged local user to obtain superuser privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache IoTDB versions 1.0.0 through 2.0.4 **Description** A flaw exists in Apache IoTDB related to the deserialization of untrusted data. This issue could potentially allow for malicious data to be processed, leading to unexpected behavior or compromise. **Recommendations** Upgrade to version 2.0.5 to address this issue.