Notselwyn

**Name of the Vulnerable Software and Affected Versions:** kernel versions prior to 6.1.77-alt1 kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-tools versions prior to 6.1.77-alt1 kernel versions 5.10.206 through 5.10.209 (Debian 10 buster) kernel version 4.12.14-122 186 **Description:** Multiple vulnerabilities have been discovered in various Linux kernel packages, including bpftool, kernel, kernel-abi-whitelists, kernel-debug, kernel-debug-devel, kernel-devel, kernel-doc, kernel-headers, kernel-tools, kernel-tools-libs, kernel-tools-libs-devel, perf, and python-perf. These vulnerabilities may lead to privilege escalation, denial of service, or information leaks. Specifically, a use-after-free vulnerability exists in the nf tables component of kernel version 4.12.14-122 186, which could be exploited to achieve local privilege escalation. **Recommendations:** Update to kernel version 6.1.77-alt1 or later. Update kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, and kernel-uek-tools to version 6.1.77-alt1 or later. For Debian 10 buster, update to kernel version 5.10.209-2~deb10u1 or later. For kernel version 4.12.14-122 186, apply the available update to address the use-after-free vulnerability.

**Name of the Vulnerable Software and Affected Versions** Nanoleaf firmware versions prior to 7.1.1 **Description** The issue is related to missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. This affects IoT smart lights, enabling unauthenticated remote code execution. **Recommendations** For versions prior to 7.1.1, update to a version that includes TLS verification to prevent arbitrary code execution via DNS hijacking attacks. As a temporary workaround, consider restricting access to the device until a patch is available. Avoid using the device in untrusted networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Nanoleaf Desktop App versions prior to 1.3.1 **Description** A command injection issue was discovered, which can be exploited through a crafted HTTP request. **Recommendations** For versions prior to 1.3.1, update to version 1.3.1 or later to resolve the issue.