Yunlei He

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the f2fs component of the Linux kernel, where the SB INLINECRYPT flag is cleared and re-set during the f2fs remount process. If a new file is created or opened during this time, it may not use inlinecrypt, potentially leading to data corruption if wrappedkey v0 is enabled. This is due to a race condition between two threads, Thread A and Thread B, where Thread A clears the SB INLINECRYPT flag and Thread B attempts to use it before it is re-set. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13 Description: The issue is related to the handling of extent trees in the Linux kernel, which can be exploited by local users to cause a denial of service. This can be achieved through an application with multiple threads. Recommendations: For Linux kernel versions prior to 4.13, update to version 4.13 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 4.13 Description: The issue allows local users to cause a denial of service, resulting in a NULL pointer dereference and panic. This occurs when using a noflush merge option that triggers a NULL value for a `flush cmd control` data structure. Recommendations: For versions prior to 4.13, update to version 4.13 or later to resolve the issue.