Yujie Liu

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the sched/eevdf component in the Linux kernel, where the function `reweight eevdf()` computes the `vlag` without considering the limit placed upon `vlag` as `update entity lag()` does. This can lead to a scaling multiplication overflow, causing the new `vruntime` to be incorrect, which in turn leads to `entity eligible()` returning falsely negative. As a result, `pick eevdf()` may return NULL, causing a NULL-deref. The problem is rare but fatal when it occurs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue arises when a dynamic event, such as a kprobe event, is traced and then removed, allowing its type number to be reused by a newly created dynamic event. This can lead to the new event's logic being used to parse the binary blob, potentially causing problems. The issue can be demonstrated by creating and removing 65536 dynamic events, which can cause the kernel to crash. Technical details include the use of the `kprobe events` file to create and remove events, and the `do sys openat2` function call being traced. The `arg1` variable is used to store the first parameter of the function call, and the `+0($arg2):string` syntax is used to read a string from the `arg2` variable. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.