Christian Heusel

Name of the Vulnerable Software and Affected Versions: libcurl (affected versions not specified) Description: The issue arises when libcurl wrongly closes the same eventfd file descriptor twice after completing a threaded name resolve and taking down a connection channel. This problem occurs due to incorrect handling of the eventfd file descriptor. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue concerns the use of coherent dumb buffers in configurations without 3D enabled. Coherent surfaces are only useful when the host renders to them using accelerated APIs. Without 3D, the content of dumb buffers stays in the guest, making synchronization efforts between the guest and host unnecessary. Configurations without 3D tend to have low graphics memory limits, leading to issues with console feedback, mouse cursors, and graphical login managers running out of the 16MB graphics memory. The fix involves ensuring coherent dumb buffers are only used on configurations with 3D enabled. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the zswap shrinker when memcg is disabled with the boot time flag. This can cause the zswap shrinker to be called with `sc->memcg` equal to NULL, leading to a crash in `memcg page state()`. The problem is specific to the non-node accounting of cgroup's zswap memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.