Xi Ruoyao

**Name of the Vulnerable Software and Affected Versions** curl versions prior to 8.17.0 **Description** The software is susceptible to a path traversal issue when handling URLs with percent-encoded slashes. This could allow an attacker to access files outside the intended directory. **Recommendations** Update to curl version 8.17.0 or later.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue concerns the use of `smp processor id()` in preemptible code, which can lead to errors when the driver is enabled. The problem arises from the `loongson3 cpufreq probe()` function calling `do service request()`, where `smp processor id()` is used. This can cause bugs, as indicated by the error message "using `smp processor id()` in preemptible [00000000] code." The solution involves using `raw smp processor id()` instead of `smp processor id()` in `do service request()` to prevent these errors. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSSL versions 3.0.4 **Description** The issue is related to a serious bug in the RSA implementation for X86 64 CPUs supporting the AVX512IFMA instructions. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines, leading to memory corruption during computation. As a consequence of the memory corruption, an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86 64 architecture are affected by this issue. **Recommendations** For OpenSSL version 3.0.4, update to version 3.0.5 to fix the issue. As a temporary workaround, consider disabling the use of 2048 bit RSA private keys on machines supporting AVX512IFMA instructions of the X86 64 architecture until a patch is available. Restrict access to SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86 64 architecture to minimize the risk of exploitation.