Hui Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the version that includes the fix for the out-of-bounds access in otp packed element t **Description** The issue is related to an out-of-bounds access in the Linux kernel, specifically in the cs35l41 driver. The problem occurs because the CS35L41 NUM OTP ELEM is defined as 100, but only 99 entries are defined in the array otp map 1/2, resulting in a shift-out-of-bounds warning when the last entry in the array is accessed. This warning is reported by UBSAN in the cs35l41 otp unpack function. **Recommendations** As a temporary workaround, consider disabling the cs35l41 driver until a patch is available. Update to a Linux kernel version that includes the fix for the out-of-bounds access in otp packed element t.

**Name of the Vulnerable Software and Affected Versions** katello-headpin (affected versions not specified) **Description** The issue concerns a CSRF vulnerability in the REST API of katello-headpin. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.