Nuno Sa

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A buffer overflow issue has been resolved in the Linux kernel, specifically in the iio: adc: ad7923 module. The AD7923 was updated to support devices with 8 channels, but the size of `tx buf` and `ring xfer` was not increased accordingly, leading to a potential buffer overflow in the `ad7923 update scan mode()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: The issue is related to a NULL pointer dereference in the Linux kernel, specifically in the adp5589-keys input module. The problem occurs because `i2c set clientdata()` is set at the end of the probe function, which can lead to a NULL pointer dereference if the probe function fails early. This is due to the devm action calling `adp5589 clear config()` and passing the i2c client as an argument to get the device object using `i2c get clientdata()`. Recommendations: For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider disabling the `adp5589 clear config()` function until a patch is available. Restrict access to the vulnerable `adp5589-keys` module to minimize the risk of exploitation. Avoid using the `i2c client` variable in the affected API endpoint until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible NULL pointer dereference in the `axi fan control irq handler()` function, which is dependent on the private `axi fan control data` structure. This function might be called before the hwmon device is registered, causing an "Unable to handle kernel NULL pointer dereference" error. The vulnerability could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.