Andrey Shumilin

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.61 Description: A division by zero vulnerability has been resolved in the Linux kernel, specifically in the ALSA firewire-lib component. The issue occurred in the `apply constraint to size()` function, where the `step` variable was initialized to zero and could remain zero if not changed in the loop, leading to a division by zero error. This behavior was introduced by a previous commit and was difficult to identify due to the complexity of the `snd interval test()` condition and the `amdtp rate table[]` table. The vulnerability was found by the Linux Verification Center with SVACE. Recommendations: For Linux kernel versions prior to 6.6.61, update to version 6.6.61 or later to resolve the issue. As a temporary workaround, consider adding a variable check before the division in the `apply constraint to size()` function to prevent the division by zero error.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow in the sisfb function of the Linux kernel. The variables `xres` and `yres` are obtained from `strbuf1` and placed in `strbuf`. When executing `sprintf(strbuf, "%ux%ux8", xres, yres)`, more than 16 bytes will be written to `strbuf`, causing an overflow. It is suggested to increase the size of the `strbuf` array to 24. The vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** To resolve the issue, it is recommended to increase the size of the `strbuf` array to 24. As a temporary workaround, consider restricting the use of the `sisfb` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.