Song Liu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A general protection fault can occur in the Linux kernel due to a failure in the `register ftrace direct` function. This issue arises when the `ftrace find rec direct` function is called, leading to a non-canonical address access. The problem is triggered by loading a livepatch that patches a kernel function and then running a `bpftrace` command that fails, causing a general protection fault on subsequent attempts. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** To resolve this issue, update the Linux kernel to a version that includes the fix for the `register ftrace direct` failure. As a temporary workaround, consider disabling the `bpftrace` functionality until a patch is available. Additionally, restrict access to the `ftrace` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to list corruption in the `perf cgroup switch()` function, specifically on the `cgrp cpuctx list`. This corruption occurs when removing an event from the list during iteration. The vulnerability can be exploited to cause a denial of service. The path where this happens includes `perf cgroup switch()`, `list for each entry(cgrp cpuctx list)`, `cpu ctx sched in`, `ctx sched in`, `ctx pinned sched in`, `merge sched in`, and `perf cgroup event disable`. To fix this, `list for each entry safe()` should be used to allow removing an entry during iteration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to XP SP3, 2000 SP4, and Server 2003 **Description** The issue allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options. **Recommendations** For Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, and Server 2003, update to a newer version to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.