Linux · Linux Kernel · CVE-2024-26856
Name of the Vulnerable Software and Affected Versions:
Linux kernel (affected versions not specified)
Description:
This is a use-after-free vulnerability in the Linux kernel, in the `sparx5_del_mact_entry` function. When an entry is removed from the MAC table, the entry is still used after it has been freed, which can lead to a denial of service. The cause is that the `vid` of the MAC entry is read after `devm_kfree` has been called on the entry. The fix is to first use the `vid` of the MAC entry to delete the entry from the hardware, and only then free it.
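The ordering problem described above, shown as an added userspace model (not the driver's code; all names are hypothetical). It assumes `model_free` as a stand-in for `devm_kfree` that poisons the entry with 0x6b, so the stale read gives a deterministic value instead of undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Userspace model; every name here is hypothetical, not the sparx5 driver's. */
struct mact_entry {
    struct mact_entry *next;
    uint8_t mac[6];
    uint16_t vid;
};

/* Modelled hardware delete: returns the VID the "switch" was asked to forget. */
static uint16_t hw_forget(const uint8_t *mac, uint16_t vid) { (void)mac; return vid; }

/* Stand-in for devm_kfree(): poison with 0x6b, as slab debugging does, so the
 * stale read is deterministic here. The caller calls free() afterwards. */
static void model_free(struct mact_entry *e) { memset(e, 0x6b, sizeof(*e)); }

/* Deletes the head entry and returns the VID handed to the hardware delete.
 * fixed == 0: advisory's ordering (free, then read vid); else corrected order. */
static uint16_t del_entry(struct mact_entry **head, int fixed) {
    struct mact_entry *e = *head;
    uint16_t hw_vid;
    *head = e->next;                        /* unlink from the software table */
    if (fixed) {
        hw_vid = hw_forget(e->mac, e->vid); /* last use of the entry */
        model_free(e);
    } else {
        model_free(e);
        hw_vid = hw_forget(e->mac, e->vid); /* stale read of a "freed" entry */
    }
    free(e);
    return hw_vid;
}

/* One add/delete cycle for VLAN `vid`; reports what the hardware was given. */
uint16_t run_case(uint16_t vid, int fixed) {
    struct mact_entry *head = calloc(1, sizeof(*head));
    if (!head) abort();
    head->mac[5] = 0x01;                    /* constructed sample MAC address */
    head->vid = vid;
    return del_entry(&head, fixed);
}

int main(void) {
    printf("buggy: 0x%04x  fixed: 0x%04x\n", run_case(100, 0), run_case(100, 1));
    return 0;
}
```

On a real kernel the freed slot can be reused by another allocation, so the VID read is unpredictable rather than a fixed poison value; KASAN reports this pattern as a use-after-free read.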
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.