Silvio Cesare

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.17.4 **Description** The issue is related to an integer overflow in the `uvesafb setcmap` function, which could allow local attackers to crash the kernel or potentially elevate privileges. This is because `kmalloc array` is not used. The vulnerability may be exploited to cause a denial of service or to gain elevated privileges. **Recommendations** For Linux kernel versions prior to 4.17.4, update to version 4.17.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the `uvesafb setcmap` function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** glibc versions 2.3.4 before 2.3.4.20040619 glibc versions 2.3.3 before 2.3.3.20040420 glibc versions 2.3.2 before 2.3.2-r10 glibc version 2.2.4 **Description** The issue allows local users to gain sensitive information, such as the list of symbols used by the program, due to the lack of restriction on the use of LD DEBUG for a setuid program. Exploitation of the vulnerabilities can lead to disruption of protected information integrity and confidentiality. The exploitation can be performed locally. **Recommendations** For glibc versions 2.3.4 before 2.3.4.20040619, update to version 2.3.4.20040619 or later. For glibc versions 2.3.3 before 2.3.3.20040420, update to version 2.3.3.20040420 or later. For glibc versions 2.3.2 before 2.3.2-r10, update to version 2.3.2-r10 or later. For glibc version 2.2.4, consider upgrading to a newer version of glibc to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability for glibc version 2.2.4.