Linux · Linux Kernel · CVE-2024-42108
**Name of the Vulnerable Software and Affected Versions**
Linux kernel (affected versions not specified)
**Description**
A use-after-free exists in the `rswitch_tx_free()` function, which is inlined in `rswitch_poll()`. It occurs because `skb` and `gq->skbs[gq->dirty]` are the same pointer: the `skb` is first freed with `dev_kfree_skb_any()`, and the value in `skb->len` is then read to update the interface statistics. The bug is easy to reproduce with KFENCE, which reports a splat every few packets; a simple ARP request or ICMP echo request is enough to exploit it.
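The ordering problem described above, as an added example that is neither the driver's code nor an upstream patch: a user-space model in which `struct pkt`, `struct queue`, `pkt_free()` and the poison value are hypothetical stand-ins. Releasing a buffer here only poisons its `len` in static storage, so the stale read shows up in the counters without real undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#define RING   4
#define POISON 0xDEADBEEFu                     /* constructed marker written on release */
struct pkt { uint32_t len; int live; };        /* stand-in for struct sk_buff */
struct queue {                                 /* stand-in for the driver's gq */
    struct pkt *skbs[RING];
    unsigned dirty, cur;
    unsigned long long tx_packets, tx_bytes, stale_reads;
};
static struct pkt pool[RING];                  /* static storage: "freed" slots stay readable */
static void pkt_free(struct pkt *p) { p->live = 0; p->len = POISON; }

static void queue_fill(struct queue *q, const uint32_t *lens, unsigned n) {
    *q = (struct queue){0};
    for (unsigned i = 0; i < n && i < RING; i++, q->cur++) {
        pool[i] = (struct pkt){ .len = lens[i], .live = 1 };
        q->skbs[i] = &pool[i];
    }
}

/* Ordering from the description: release first, then read skb->len. */
static void tx_free_buggy(struct queue *q) {
    for (; q->dirty != q->cur; q->dirty++) {
        struct pkt *skb = q->skbs[q->dirty];   /* same pointer as the ring slot */
        pkt_free(skb);
        q->stale_reads += !skb->live;          /* the access KFENCE would report */
        q->tx_packets++;
        q->tx_bytes += skb->len;               /* reads a released object */
    }
}

/* Safe ordering: update the counters while the buffer is still owned. */
static void tx_free_fixed(struct queue *q) {
    for (; q->dirty != q->cur; q->dirty++) {
        struct pkt *skb = q->skbs[q->dirty];
        q->stale_reads += !skb->live;
        q->tx_packets++;
        q->tx_bytes += skb->len;
        pkt_free(skb);
    }
}

int main(void) {
    const uint32_t lens[] = { 42, 98 };        /* constructed frame sizes */
    struct queue b, f;
    queue_fill(&b, lens, 2); tx_free_buggy(&b);
    queue_fill(&f, lens, 2); tx_free_fixed(&f);
    printf("buggy bytes=%llu stale=%llu, fixed bytes=%llu\n", b.tx_bytes, b.stale_reads, f.tx_bytes);
}
```

In the model the buggy ordering accounts the poison value for every packet, while the safe ordering reports the real byte count and no stale reads.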
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.