Thomas Weißschuh

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue arises from the ioctl and sysfs handlers unconditionally calling the `->enable` callback, which can lead to NULL dereferences if not all drivers implement this callback. Affected drivers include ptp s390.c, ptp vclock.c, and ptp mock.c. To address this, a dummy callback is used if no better callback was specified by the driver. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.58 Description: A vulnerability in the Linux kernel has been identified where the `description show()` function accesses invalid memory if the return type of the ` STR` method is not a buffer object. Only buffer objects are valid return values of ` STR`. Recommendations: For versions prior to 6.6.58, update to version 6.6.58 or later to resolve the issue. As a temporary workaround, consider restricting access to the ` STR` method to minimize the risk of exploitation.