Michael Kerrisk

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the execution of commands with empty argv. The issue is described as forcing a single empty string when argv is empty. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux versions prior to 2.6.10 **Description** The issue allows local users to unlock the memory of other processes, potentially causing sensitive memory to be swapped to disk and read by other users once it has been released. **Recommendations** For Linux versions prior to 2.6.10, update to version 2.6.10 or later to resolve the issue.