Abdul Haleem

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.16.0-rc5-autotest-g6441998e2e37 **Description** The vulnerability is related to the ibmvnic component in the Linux kernel. When the ` ibmvnic open()` function encounters an error, such as when setting link state, it calls `release resources()` which frees the napi structures needlessly. This can lead to a crash when running the drmgr command several times to add/remove a vnic interface. The issue is caused by a NULL pointer dereference on read at address 0x00000010. The vulnerability can be exploited by an attacker to cause a denial of service. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the ibmvnic component. Specifically, update to a version later than 5.16.0-rc5-autotest-g6441998e2e37. As a temporary workaround, consider disabling the ` ibmvnic open()` function until a patch is available. Restrict access to the vulnerable ibmvnic component to minimize the risk of exploitation. Avoid using the drmgr command to add/remove vnic interfaces until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.0-rc1-autotest #1 **Description** A warning message issue in the Linux kernel has been resolved. The problem occurred due to adisc being flushed, resulting in a warning message where a different error code type did not match the expected type. The issue was triggered in the qla2xxx driver. **Recommendations** For Linux kernel versions prior to 5.13.0-rc1-autotest #1, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the qla2xxx driver until a patch is available. Restrict access to the vulnerable qla2x00 async adisc sp done function to minimize the risk of exploitation. Avoid using the affected API endpoints related to the qla2xxx driver until the issue is resolved.