Idryomov

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 7.0.11-1.1 **Description** A null-pointer dereference occurs in the `rbd` module when `device add disk()` fails after `device add()` has successfully published the device. In this scenario, the error path triggers a double teardown by calling `rbd free disk()` twice: once directly and again via `rbd dev device release()`. This inconsistent sequence leaves the blk-mq cleanup in an invalid state, leading to a crash in the ` blk mq free map and rqs()` function, which is reached through `blk mq free tag set()`. The issue can be triggered when mapping an RBD image through the `/sys/bus/rbd/add single major` endpoint. **Recommendations** Update the Linux kernel to version 7.0.11-1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The libceph component in the Linux kernel contains a flaw where an out-of-bounds read could occur in the `handle auth done()` function. This is due to a missing bounds check on the `payload len` variable, potentially leading to unauthorized access. The issue is addressed by implementing an explicit bounds check on `payload len` before the callout is made. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.