Kun Hu

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, specifically in the gfs2 module. The issue occurs when flipping the GFS2 DIF JDATA flag, which determines whether pages in the address space use buffer heads or iomap folio state structs. Since these two cannot be mixed, the address space of an inode needs to be truncated when the flag is flipped. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.6.74 **Description** The issue concerns a race condition when processing SysEx messages in the ALSA sequencer OSS layer. The OSS sequencer handles SysEx messages split into 6-byte packets, and the ALSA sequencer OSS layer attempts to combine them, storing data in an internal buffer. This access is racy and may lead to out-of-bounds access. **Recommendations** As a temporary workaround, consider introducing a mutex to serialize the process of SysEx message packets. Update to Linux kernel version 6.6.74 or later to resolve the issue.