Yi Ren

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 6.1.28 **Description** The issue is related to a buffer overflow in the Core component of Oracle VM VirtualBox, which can be exploited to cause a denial of service. A high-privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes can compromise Oracle VM VirtualBox, resulting in the ability to cause a hang or frequently repeatable crash. **Recommendations** For versions prior to 6.1.28, update to version 6.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle MySQL Server versions 8.0.23 and prior **Description** The issue is related to insufficient input validation in the Server: Optimizer component of Oracle MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. **Recommendations** For versions 8.0.23 and prior, update to a version later than 8.0.23 to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MySQL Server versions 8.0.21 and prior **Description** The issue is related to insufficient input validation in the MySQL Server product, specifically in the Server: DML component. This allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the takeover of the MySQL Server or cause a hang or frequently repeatable crash (complete DOS) of the server. **Recommendations** For versions 8.0.21 and prior, update to a version that contains a fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.31 and prior MySQL Server versions 8.0.21 and prior Description: The issue is related to insufficient input validation in the MySQL Server product, allowing a high-privileged attacker with network access via multiple protocols to compromise the server. Successful attacks can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of the MySQL Server. Recommendations: For MySQL Server versions 5.7.31 and prior, update to a version later than 5.7.31 to resolve the issue. For MySQL Server versions 8.0.21 and prior, update to a version later than 8.0.21 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** QEMU version 4.2.0 **Description** The issue is related to an out-of-bounds access in the PCI configuration space and a buffer overflow in the ati mm read function. This could allow an attacker to cause a denial of service. **Recommendations** For QEMU version 4.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU version 4.2.0 **Description** The issue is related to the ati-vga component in the QEMU hardware emulator, which is vulnerable to uncontrolled recursion. This can be triggered by a crafted mm index value during an ati mm read or ati mm write call, potentially allowing an attacker to cause a denial of service. **Recommendations** For QEMU version 4.2.0, as a temporary workaround, consider disabling the ati-vga component to minimize the risk of exploitation. Restrict access to the `ati mm read` and `ati mm write` functions until a patch is available. Avoid using the `mm index` variable in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.3.4 **Description** The issue is related to the fib6 rule lookup function in the Linux kernel, which mishandles the RT6 LOOKUP F DST NOREF flag in a reference-count decision. This can lead to a crash, as identified by syzkaller. The vulnerability is also associated with errors in handling exceptional states, which can be exploited to cause a denial of service. **Recommendations** For Linux kernel versions prior to 5.3.4, update to version 5.3.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the fib6 rule lookup function to minimize the risk of exploitation.