Stefano Garzarella

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the `vsock * has data()` function in the Linux kernel, specifically in the `net/vmw vsock/af vsock.c` module. It involves a null pointer dereference. The problem occurs when `vsock * has data()` is called on a vsock socket that has been de-assigned from a transport. To prevent this, the code now returns 0 (indicating no space or data available) with a warning, allowing the system to continue running in a nearly consistent state and enabling debugging of future problems. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU versions prior to 6.2.0 **Description** A NULL pointer dereference issue was found in the block mirror layer of QEMU. The `self` pointer is dereferenced in `mirror wait on conflicts()` without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node. **Recommendations** For QEMU versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the block mirror layer to minimize the risk of exploitation.