John Keeping

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A issue in the Linux kernel has been resolved, related to the MIDI Streaming descriptor lengths in the `f midi` gadget. The descriptors are filled with incorrect information when the number of in and out ports differ, causing the host to receive broken descriptors with uninitialized stack memory. This occurs because `bNumEmbMIDIJack` and `bLength` are set incorrectly in these descriptors. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read in the `rk gmac setup()` function of the dwmac-rk component in the Linux kernel. This occurs because the `regs` flexible array member is empty for most platforms, causing the memory after the `ops` structure to be read. Although this often contains zero and does not immediately cause issues, it still represents a potential problem. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** To resolve the issue, apply the fix for the out-of-bounds read in `rk gmac setup()` by adding a new flag to indicate whether the `regs` field is valid and avoid the loop when it is not. At the moment, there is no information about a newer version that contains a fix for this vulnerability.