Alexander Shiyan

**Name of the Vulnerable Software and Affected Versions** Linux kernel version 6.11.0 **Description** A crash can occur in the Linux kernel when using polling in the probe error path of the tc358743 i2c driver. If an error occurs in the `probe()` function, the polling timer that was alarmed earlier should be removed to prevent the timer from being called with arguments that are already freed, resulting in a crash. The issue is related to the ` run timers()` function and can cause a crash with a warning message indicating a CPU error. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the crash in the probe error path when using polling. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the use of GPIO reset from I2C port expander, where the ` cansleep()` variant of GPIO functions was not used in the `ar0521 power on()` and `ar0521 power off()` functions. This vulnerability was fixed by using the `cansleep` version of `gpiod set value()`. The vulnerability is related to the `gpiod set value()` function and the `ar0521 power on()` and `ar0521 power off()` functions. Recommendations: To resolve the issue, update the Linux kernel to version 6.6.58 or later. As a temporary workaround, consider disabling the `ar0521 power on()` and `ar0521 power off()` functions until a patch is available. Restrict access to the vulnerable `gpiod set value()` function to minimize the risk of exploitation. Avoid using the `gpiod set value()` function in the affected API endpoints until the issue is resolved.