Benjamin Coddington

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the SUNRPC module in the Linux kernel, specifically with the function gss free in token pages(). The in token->pages[] array is not NULL terminated, resulting in a potential wild-memory-access issue. This can lead to a denial of service. The vulnerability is associated with insufficient memory allocation for an operation in the gss read proxy verf() function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.3.3 **Description** The issue allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper access to a certain error field in the ext4 journal stop function. **Recommendations** For versions prior to 4.3.3, update to version 4.3.3 or later to resolve the issue.