Andrea Righi

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.13.0-22-generic #22+arighi20211110 **Description** The vulnerability is related to a stack out-of-bounds access in the `elantech change report id()` function. The `param[]` array in `elantech change report id()` must be at least 3 bytes, but it is defined as an array of 2 bytes, leading to a potential stack out-of-bounds access. This issue is confirmed by KASAN. The vulnerability can be exploited to cause a denial of service. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the stack out-of-bounds access in `elantech change report id()`. Specifically, update to a version later than 5.13.0-22-generic #22+arighi20211110. Note: The provided input descriptions do not include information about the estimated number of potentially affected devices or real-world incidents where this issue was exploited. Therefore, this information is not included in the description.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the Linux kernel, where various PV features (Async PF, PV EOI, steal time) work through memory shared with the hypervisor. When restoring from hibernation, these features must be properly torn down to prevent the hypervisor from writing to stale locations after jumping to the previously hibernated kernel. The job is already done for secondary CPUs by kvm cpu down prepare(), and syscore ops are registered to do the same for the boot CPU. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 2.6.39.3 **Description** A race condition exists in the `scan get next rmap item` function in `mm/ksm.c` when Kernel SamePage Merging (KSM) is enabled. This issue allows local users to cause a denial of service, potentially resulting in a NULL pointer dereference, or possibly have other unspecified impacts via a crafted application. **Recommendations** For Linux kernel versions prior to 2.6.39.3, update to version 2.6.39.3 or later to resolve the issue. As a temporary workaround, consider disabling Kernel SamePage Merging (KSM) until a patch is available.