Mans Rullgard

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a null pointer dereference within the `spi sync()` function in the Linux kernel. This occurs when `spi sync()` is called with a non-empty queue and the same `spi message` is reused, leading to the complete callback for the message remaining set while the context is cleared. As a result, a null pointer dereference happens when the callback is invoked from `spi finalize current message()`. The fix involves setting `message->complete` to NULL when the transfer is complete. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Sound eXchange (SoX) versions 14.4.2 and earlier Description: The issue is related to a corrupt header that specifies zero channels, triggering an infinite loop and a resultant NULL pointer dereference in the startread function in xa.c. This may allow a remote attacker to cause a denial-of-service. Recommendations: For versions 14.4.2 and earlier, update to a version that fixes the issue in the startread function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.