Tuba Yavuz

Name of the Vulnerable Software and Affected Versions: Intel(R) IPP versions prior to 2020 update 1 Description: The issue is related to an observable timing discrepancy that may allow an authorized user to potentially enable information disclosure via local access. Recommendations: For versions prior to 2020 update 1, update to version 2020 update 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.16.4 **Description** A double-locking error in the Linux kernel may potentially cause a deadlock. The issue is related to the `f hid` function in `drivers/usb/dwc3/gadget.c`. **Recommendations** For versions prior to 4.16.4, update to version 4.16.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.14.11 **Description** The issue is related to a use-after-free error in the `usbtv probe` function, which can cause a system crash or potentially have other unspecified impacts. This occurs when the audio registration fails, leading to a `kfree` of the `usbtv` data structure during a `usbtv video free` call, but the code attempts to access and free this data structure again. **Recommendations** For Linux kernel versions prior to 4.14.11, update to version 4.14.11 or later to resolve the issue. As a temporary workaround, consider disabling the `usbtv probe` function until a patch is available. Restrict access to the `usbtv` module to minimize the risk of exploitation. Avoid using the `usbtv video free` function in conjunction with the `usbtv video fail` label until the issue is resolved.