Jimmy Hu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the `tcpm pd svdm()` function. This can occur when `typec register partner()` returns an error, causing a NULL pointer dereference. The vulnerability may allow an attacker to cause a denial of service. Technical details about exploitation include the `tcpm pd data request()` and `tcpm pd rx handler()` functions, as well as the `port->partner` variable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the xhci component in the Linux kernel, where a NULL pointer dereference can occur when the host controller is not responding, causing a kernel panic. This happens when all URBs queued to all endpoints need to be killed, and an invalid endpoint is dereferenced. The fix involves using the xhci get virt ep() helper to find the endpoint and checking its validity before dereferencing. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.