Alexander Lobakin

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free (UAF) vulnerability in the idpf driver of the Linux kernel. This vulnerability occurs when the `q vector->vport` pointers are not restored after reinitializing the structures, leading to memory leaks and crashes during a soft reset. The current logic is fragile and consumes more memory than expected, especially when the system is low on memory. Any error during the rebuild process leaves the old vport in a partially allocated state. If the interface is down when the function is called, it allocates a new queue set, but when the user decides to enable the interface later, `vport open()` allocates them once again, resulting in a clear memory leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A bug in the Linux kernel has been identified, which causes a "scheduling while atomic" error when processing auxiliary critical error interrupts in the `ice misc intr()` function. This error occurs due to a call ladder that involves `ice misc intr()`, `ice send event to aux()`, `device lock()`, `mutex lock()`, `might sleep()`, and `might resched()`. The issue is resolved by adding a new PF state bit to indicate an auxiliary critical error and serving it in the `ice service task()` function in process context. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.