Thomas Gleixner

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue occurs when a system has isolated CPUs via the "isolcpus=" command line parameter, and an attempt is made to offline the last housekeeping CPU. This results in a WARN ON() when rebuilding the scheduler domains and a subsequent panic due to an unhandled empty CPU mask in partition sched domains locked(). The functions `cpuset hotplug workfn()` and `rebuild sched domains locked()` are involved in this process. The `cpumask and()` function is used with `doms[0]`, `top cpuset.effective cpus`, and `housekeeping cpumask(HK FLAG DOMAIN)`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to the Linux kernel's virtual Ethernet (veth) component. When XDP (eXpress Data Path) is enabled, veth sets the NETIF F GRO flag automatically because both features use the same NAPI machinery. However, the logic to clear this flag is skipped when the device is brought down, which can lead to a stray GRO flag being set when XDP is disabled and then the device is brought up. This can cause the system to crash or hang when features are synchronized, either by the user via ethtool or by a peer changing its configuration. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.