Marek Behún

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a potential use-after-free error in the phylib component of the Linux kernel. This error occurs because the `phy device reset(phydev)` function is called after the `put device()` call in `phy detach()`, which might cause the `phydev` to be freed prematurely. The comment before the `put device()` call indicates that the `phydev` might go away with `put device()`. To fix this, the `phy device reset()` function should be called before `put device()`. The vulnerability may allow an attacker to elevate privileges in the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the PCI: aardvark component in the Linux kernel, where starting a new PIO transfer by writing value 0 in the PIO START register when the previous transfer has not yet completed causes an External Abort on the CPU, resulting in a kernel panic. This happens because the kernel may issue a new PIO request while the previous one has not finished, especially during link retraining or after a link down event, which can take up to 1.44 seconds to time out. To prevent kernel panic, it is required to reject a new PIO transfer when the previous one has not finished yet. The kernel may issue a new PIO request only if the previous PIO transfer timed out. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.