Alexander Duyck

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the ethtool loopback test of the ixgbe driver. This occurs because there isn't a q vector associated with the test ring when it is setup, as interrupts are not normally added to the test rings. To address this, code has been added to check for a q vector before returning a napi id value. If a q vector is not present, it will return a value of 0. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free issue occurs when using page pool with page fragments in the Linux kernel. This problem arises during normal RX in the hns3 driver, where a page reference is dropped twice, resulting in an underflow. The issue is caused by incorrect coalescing logic in the `skb try coalesce()` function, which takes a page reference to a page instead of increasing the page pool frag reference. This can lead to IOMMU faults or silent memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.