Russell King

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved, related to the deletion of VLANs when MST is unsupported. The issue arises from the `mv88e6xxx port vlan leave()` function, which attempts to find an MST entry associated with the SID but fails and returns -ENOENT. This is because some chip implementations do not populate `vlan.sid`, leading to the use of garbage SID values. The fix involves testing for `sid == 0` to cover non-bridge VLANs or bridge VLANs mapped to the default MSTI, and adding a test for `mv88e6xxx has stu()` inside `mv88e6xxx mst put()` to avoid accessing uninitialized memory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 6.8.2 **Description** A vulnerability in the Linux kernel has been resolved, which was caused by a change in the semantics of the `pfn valid()` function. This change led to a crash during a UIO test with a specific memory layout. The crash occurred because a valid page for a reserved but not mapped address by the kernel was not properly handled. The issue was solved by checking if `PG reserved` was set. **Recommendations** To resolve this issue, upgrade the Linux kernel to a version newer than 6.8.2. Note: The provided information does not specify the exact version that contains the fix, but it is mentioned that versions up to 6.8.2 are affected. Therefore, upgrading to a newer version should mitigate the issue.