Sherry Yang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the RDMA/rxe component in the Linux kernel. In the `rxe comp queue pkt()` function, an incoming response packet `skb` is enqueued to the `resp pkts` queue, and then a decision is made whether to run the completer task inline or schedule it. The `skb` is then dereferenced to bump a 'hw' performance counter. However, if the completer task is already running in a separate thread, it may have already processed the `skb` and freed it, which can cause a seg fault. This has been observed infrequently in testing at high scale. The patch fixes this by changing the order of enqueuing the packet until after the counter is accessed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential context use-after-free (UAF) in the Linux kernel's drm/i915 component. The `gem context register()` function makes the context visible to userspace, allowing a separate thread to trigger the `I915 GEM CONTEXT DESTROY` ioctl. To prevent this, it is necessary to ensure that nothing uses the `ctx` pointer after this point and that adding the `ctx` to the xarray is the last thing `gem context register()` does with the `ctx` pointer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.