Brendan Dolan-Gavitt

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Linux versions prior to 148.0.7778.168 **Description** An out of bounds read in the GPU allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page. An out of bounds read occurs when a program reads data past the end or before the beginning of the intended buffer. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 148.0.7778.168 **Description** An out of bounds write in WebAudio allows a remote attacker to execute arbitrary code inside a sandbox by using a crafted HTML page. An out of bounds write occurs when a program writes data past the end of the intended buffer, which can lead to memory corruption. **Recommendations** Update to version 148.0.7778.168 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.6.0 **Description** A bug was found in the Linux kernel during fuzzing, specifically in the ath5k eeprom read pcal info 5111 function. The issue arises when none of the curves are selected in the loop, causing the `idx` variable to exceed the bounds of the `AR5K EEPROM N PD CURVES` array. This leads to an out-of-bounds access and subsequent writes using the `pd` variable. A sanity check for `idx` has been added to resolve the issue. **Recommendations** For Linux kernel versions prior to 5.6.0, consider applying the provided patch that adds a sanity check for `idx` in the ath5k eeprom read pcal info 5111 function to prevent out-of-bounds access. As a temporary workaround, restricting access to the vulnerable function or module may help minimize the risk of exploitation. However, since the patch is not tested with a real device, caution should be exercised when applying it.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.15.2 **Description** The issue is related to the function `hw atl utils fw rpc wait` in the Linux kernel, which allows an attacker to trigger an out-of-bounds write via a crafted length value. This can be exploited by introducing a crafted device, potentially leading to arbitrary code execution. **Recommendations** For Linux kernel versions through 5.15.2, consider updating to a version newer than 5.15.2 to resolve the issue. As a temporary workaround, consider restricting access to the `hw atl utils fw rpc wait` function in the `drivers/net/ethernet/aquantia/atlantic/hw atl/hw atl utils.c` file until a patch is available.