Syed Faraz Abrar

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A flaw exists in the MCTP (Management Component Transport Protocol) implementation where `RTM GETNEIGH` requests return uninitialized data within the padding bytes of the `ndmsg` data. This occurs because netlink data in the link, address, and neighbor response messages were not properly initialized to zero. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 7.0.20 **Description** A difficult to exploit vulnerability in Oracle VM VirtualBox allows a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. **Recommendations** For versions prior to 7.0.20, update to version 7.0.20 or later to resolve the issue. At the moment, there is no information about additional mitigation measures.