Justin Stitt

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8.0-rc2-00035-gb3ef86b5a957 Description: The vulnerability is related to a signed integer overflow in the block/ioctl.c file of the Linux kernel. This issue was identified using the syzkaller tool with the newly reintroduced signed integer overflow sanitizer. The overflow occurs when the value 9223372036854775807 is added to 4095, resulting in a value that cannot be represented in the 'long long' type. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a buffer overflow during tab completion in the Linux kernel. When a user attempts symbol completion with the Tab key, the kernel uses strncpy() to insert the completed symbol into the command buffer, but it passes the size of the source buffer rather than the destination, leading to predictable and severe consequences, such as writing past the end of the supplied buffer. This can be fixed by replacing the dubious strncpy() calls with memmove()/memcpy() calls plus explicit boundary checks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.