Brian King

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, specifically in the ibmvfc module. The issue arises from the back pointer from a queue to the vhost adapter not being set until after subcrq interrupt registration, which can lead to a crash during kexec/kdump on Power 9 with legacy XICS interrupt controller. This crash occurs when a pending subcrq interrupt from the previous kernel is replayed immediately upon IRQ registration, resulting in the dereference of a garbage backpointer in ibmvfc interrupt scsi(). The kernel attempted to read a user page, which may indicate an exploit attempt. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.7.0-203405+ Description: The issue is related to the powerpc/pseries/iommu component of the Linux kernel. When a PCI device is dynamically added, the kernel experiences a NULL pointer dereference, leading to a crash. This occurs because the `iommu device` structure is not properly initialized during the DLPAR add process. The fix involves registering the iommu device during DLPAR add. Recommendations: To resolve this issue, update the Linux kernel to a version that includes the fix for the powerpc/pseries/iommu component. Specifically, ensure that the kernel version is 6.7.0-203405+ or later. As a temporary workaround, consider disabling the dynamic addition of PCI devices until the kernel can be updated.