Evgenii Shatokhin

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** A vulnerability in the Linux kernel has been resolved, specifically in the pinctrl-mcp23s08 driver. The issue occurs when a device uses the MCP23xxx IO expander to receive IRQs, which can cause a sleeping function to be called from an invalid context. This happens because the regmap in the driver uses a mutex for protection from concurrent accesses, but the system tries to lock the mutex while holding a spinlock. The vulnerability was observed while experimenting with a touchscreen driver that used the MCP23017 IO expander. The estimated number of potentially affected devices is not specified. **Recommendations** To resolve the issue, update to Linux kernel version 6.6.74 or later. As a temporary workaround, consider disabling the `mcp23s08 irq set type()` function until a patch is available. Restrict access to the `mcp23s08` driver to minimize the risk of exploitation. Avoid using the `regmap update bits base()` function in the affected API endpoint until the issue is resolved. Additionally, apply the patch that adds locking in `mcp pinconf get/set()` and disables internal locking in the regmap config.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A denial of service issue was found in the `n tty receive char special` function in the Linux kernel, specifically in `drivers/tty/n tty.c`. This flaw allows a local attacker with normal user privileges to delay a loop due to a changing `ldata->read head` and a missing sanity check, posing a threat to system availability. The vulnerability is related to incorrect input data used as a condition for executing a cycle. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.