Guoqing Jiang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version that includes the fix for the null-ptr-deref issue in the mtk-jpeg module **Description** A null-ptr-deref issue has been resolved in the Linux kernel. The workqueue should be destroyed in mtk jpeg core.c since a specific commit, otherwise, a calltrace can be easily triggered. The issue is related to the mtk-jpeg module and can cause a kernel paging request error. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the null-ptr-deref issue in the mtk-jpeg module. As a temporary workaround, consider disabling the `mtk jpegdec destroy workqueue()` function until a patch is available. Restrict access to the vulnerable `mtk jpeg core.c` module to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a potential memory leak in the `intel setup irq remapping()` function. This leak occurs when the `fn` is only freed after failing to allocate `ir domain`, but it should also be freed in case `dmar enable qi` returns an error. Additionally, `irq domain` and `ir msi domain` need to be removed if `intel setup irq remapping` fails to enable queued invalidation. The rewinding path has been improved by adding `out free ir domain` and `out free fwnode` labels. This issue can potentially allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.