Mikko Rapeli

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the Linux kernel's mmc core component, where a negative index can be accessed with an array. This occurs because the iterator `i` is not checked to be greater than zero before assigning `prev idata = idatas[i - 1]`. The vulnerability may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to incorrect error handling in the optee module of the Linux kernel, specifically when registering devices on the TEE bus. This can lead to a kernel panic. The error path has a bug that causes the kernel to panic when it fails to register devices. The commit that introduced this bug is mentioned as 7269cba53d90 ("tee: optee: Fix supplicant based device enumeration"). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.