Rémi Denis-Courmont

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a race condition in the `skb queue empty()` function, where the receive queues are protected by their respective spin-lock, not the socket lock. This could lead to `skb peek()` unexpectedly returning NULL or a pointer to an already dequeued socket buffer. The vulnerability is also associated with the reuse of previously freed memory due to concurrent access to a resource, which could allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** D-Bus versions prior to 1.4.12 D-Bus versions prior to 1.4.1 **Description** The issue affects the D-Bus package in Gentoo Linux, allowing local exploitation that may lead to breaches in confidentiality, integrity, and availability of protected information. A stack consumption vulnerability exists, enabling local users to cause a denial of service by crashing the daemon with a message containing many nested variants. **Recommendations** For versions prior to 1.4.1, update to version 1.4.1 or later to resolve the stack consumption vulnerability. For versions prior to 1.4.12, update to version 1.4.12 or later to address the multiple vulnerabilities.

**Name of the Vulnerable Software and Affected Versions** VideoLAN VLC versions prior to 0.9.0 **Description** The issue allows local users to execute arbitrary code via a malicious library under the modules/ or plugins/ subdirectories of the current working directory. This is due to an untrusted search path vulnerability. **Recommendations** For versions prior to 0.9.0, update to version 0.9.0 or later to resolve the issue.