Andrew Donnellan

**Name of the Vulnerable Software and Affected Versions** Linux (affected versions not specified) **Description** A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. This issue allows a local user to increase their privileges to that of a running kernel on a locked down guest system running on top of PowerVM or KVM hypervisors. The flaw is related to incorrect memory access handling, which can be exploited to gain access to confidential data, disrupt data integrity, and cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Patchwork versions 1.1 through 2.1.x **Description** A Cross Site Scripting (XSS) issue exists in the template tag used to render message ids. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. The `msgid` function in `templatetags/patch.py` is affected. **Recommendations** For versions prior to 2.1.4 and 2.0.4, update to version 2.1.4 or 2.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the `msgid` function in `templatetags/patch.py` until a patch is available.