Xiaolong Huang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A NULL pointer dereference flaw was found in `rxrpc preparse s` in `net/rxrpc/server key.c` in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. The vulnerability is related to errors in the implementation of the `preparse server key()`, `free preparse server key()`, and `destroy server key()` functions in the Linux kernel, which can lead to a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.15.0-rc2+ **Description** The vulnerability is related to an array index out of bounds bug in the `cmtp add connection` function of the `isdn` component in the Linux kernel. This bug can be triggered when the `detach capi ctr` function is called to detach a register controller that is not attached yet. The vulnerability can cause a denial of service. Technical details about exploitation include: - The `cmtp add connection` function adds a cmtp session to a controller and runs a kernel thread to process cmtp. - The kernel thread calls `detach capi ctr` to detach a register controller, which can trigger the array-index-out-bounds bug if the controller is not attached yet. - The bug is caused by an index of -1 being out of range for the type `capi ctr *[32]`. - The `detach capi ctr` function is called by `cmtp session`, which is run by the kernel thread. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.