Jean Delvare

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition exists in the ibmpex driver. The issue occurs because driver data is set to NULL before sensor attributes are removed. The function `ibmpex show sensor()` retrieves this driver data via `dev get drvdata()` but fails to check if the value is NULL before dereferencing it to access `data->sensors[]`. If a userspace process reads a sensor file while the delete function is executing, it can trigger a crash in `ibmpex show sensor()`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A memory leak issue in the Linux kernel has been identified, specifically related to the thinkpad acpi module and the handling of EFCH MMIO resources. The problem arises because release resource() does not free the resource, unlike release mem region(), leading to a memory leak if the resource is not explicitly freed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.