Christian Marangi

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer overflow vulnerability has been resolved in the Linux kernel, specifically in the PM / devfreq component, affecting the trans stat show function. The issue was addressed by converting a simple snprintf to the more secure scnprintf with a size of PAGE SIZE, adding condition checking to exit early from the loop if PAGE SIZE is exceeded, and documenting the potential return of an -EFBIG error in the ABI. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel was discovered related to changing the MAX FRAME SIZE of a switch. If the MAX FRAME SIZE is changed while the cpu port is on, the switch panics and stops sending packets, making the device unreachable. This requires a switch reset to recover. The issue is due to a lack of documentation on how to correctly change the MAX FRAME SIZE. **Recommendations** To correctly handle this issue, turn off the cpu ports before changing the MAX FRAME SIZE and turn them on again after the value is applied.