Haowei Yan

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.12.6 **Description** The issue is related to an Out-Of-Bounds indexing vulnerability in the `ets class from arg()` function when passed a `clid` of 0. This overflow may cause local privilege escalation. The vulnerability was discovered by Haowei Yan. Technical details about exploitation include: - The `ets class from arg()` function is vulnerable to Out-Of-Bounds indexing. - The `clid` variable is used in this function and passing a value of 0 can cause the overflow. - The `tc ctl tclass()` and `ets class change()` functions are also involved in the call trace. - The `/net/sched/sch ets.c` file is where the vulnerability is located. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for the `ets class from arg()` Out-Of-Bounds indexing vulnerability. As a temporary workaround, consider restricting access to the vulnerable `ets class from arg()` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP) due to a missing lock when clearing `sk user data`, which can lead to a race condition and NULL pointer dereference. This issue could allow a local user to potentially crash the system, causing a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.