Kai-Heng Feng

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A race condition between the `.runtime idle()` callback and the `.remove()` callback in the `rtsx pcr` PCI driver leads to a kernel crash due to an unhandled page fault. The problem is that `rtsx pci runtime idle()` is not expected to be running after `pm runtime get sync()` has been called, but the latter doesn't really guarantee that. To address this race condition, one way is to call `pm runtime barrier()` after `pm runtime get sync()` to wait for the `.runtime idle()` callback to complete should it be running at that point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the HID intel-ish-hid ipc component in the Linux kernel. It involves the handling of the ACPI GPE bit, which is used for wake-up capabilities on EHL (Elkhart Lake) based platforms. When the system is in the S5 (Soft-Off) state, the OOB (Out of band) service allows the device to wake up. However, the BIOS clearing of the wakeup bit on resume does not decrement the internal OS GPE reference count, leading to a potential reference count overflow when the driver re-enables the bit. To resolve this, the driver needs to first disable and then re-enable the ACPI GPE bit using the acpi disable gpe() function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.