Steffen Klassert

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential Spectre v1 gadget in the `xfrm xlate32 attr()` function. This could allow an attacker to leak kernel memory content to malicious users. The vulnerability is caused by the use of the `type` variable as an array index, which can be exploited to bypass security measures. The `array index nospec()` function can be used to prevent this type of attack. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions through 5.18.14 **Description** An issue was discovered in the Linux kernel where the `xfrm expand policies` function in `net/xfrm/xfrm policy.c` can cause a refcount to be dropped twice, potentially leading to a denial of service. This issue can be exploited by a remote attacker. **Recommendations** For Linux kernel versions through 5.18.14, as a temporary workaround, consider disabling the `xfrm expand policies` function until a patch is available. Restrict access to the `net/xfrm/xfrm policy.c` module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 3.5.7 **Description** The issue is related to the `xfrm state netlink` function in the Linux kernel, which does not properly handle error conditions in `dump one state` function calls. This can be exploited by local users with the `CAP NET ADMIN` capability to gain privileges or cause a denial of service, resulting in a NULL pointer dereference and system crash. **Recommendations** For Linux kernel versions prior to 3.5.7, update to version 3.5.7 or later to resolve the issue.