Sudip Mukherjee

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to the fix of the NULL dereference issue in the fbdev module **Description** A NULL dereference issue has been identified in the Linux kernel, specifically in the fbdev module. This issue occurs when attempting to unregister framebuffers without an underlying device in the Linux device hierarchy. The problem arises from the fact that OF framebuffers do not have an associated platform device, which can be hot-unplugged before loading the native graphics driver. As a result, a NULL pointer dereference can occur, leading to a kernel crash. An example error message is provided, showcasing the issue on a ppc64le system. **Recommendations** For Linux kernel versions prior to the fix, consider applying the patch that fixes the unregistering of framebuffers without devices to prevent the NULL dereference issue. As a temporary workaround, consider disabling the use of OF framebuffers until a patched version of the kernel is available.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to an out-of-bounds read flaw in the Linux kernel's io uring module. This flaw can be triggered by a user calling the `io read()` function with specific parameters, allowing a local user to read memory out of bounds. This could potentially lead to the disclosure of protected information or cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.