Xin Liu

Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

**Name of the Vulnerable Software and Affected Versions** Microsoft PC Manager (affected versions not specified) **Description** Improper link resolution before file access and missing authentication for a critical function allow an authorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability in the Linux kernel has been resolved. The issue occurs when a BPF program attached to the `file alloc security` hook returns a positive number, causing a kernel panic. This happens because the file system cannot filter out the positive number returned by the LSM program using `IS ERR`, and misinterprets this positive number as a file pointer. The patch adds an LSM return value check in the verifier to ensure no unexpected value is returned. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.