Nicolas Iooss

**Name of the Vulnerable Software and Affected Versions** Das U-Boot versions through 2022.07-rc5 **Description** The issue is caused by an integer signedness error and a resultant stack-based buffer overflow in the "i2c md" command. This enables the corruption of the return address pointer of the `do i2c md` function. **Recommendations** For Das U-Boot versions through 2022.07-rc5, as a temporary workaround, consider disabling the `do i2c md` function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SELinux version 3.2 **Description** The issue is related to a use-after-free error in the ` cil verify classperms()` function of the SELinux access control system. This error can be exploited to cause a denial of service. The ` cil verify classperms()` function is called from ` cil verify classpermission` and ` cil pre verify helper`. **Recommendations** For SELinux version 3.2, consider disabling the ` cil verify classperms()` function as a temporary workaround until a patch is available. Restrict access to the affected components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.