Yuntao Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a potential static command line memory overflow in the Linux kernel. This occurs when the length of `command line` is greater than the length of `boot command line`, causing `static command line` to overflow. The problem arises from the incorrect allocation of memory for `static command line`, where the size is calculated based on `boot command line` instead of `command line`. This patch recovers the correct length of `command line` which was previously miss-consolidated with `boot command line`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A potential array overflow issue has been identified in the Linux kernel, specifically in the bpf trampoline get progs() function. The issue arises when the number of attached BPF TRAMP MODIFY RETURN bpf programs in a trampoline exceeds BPF MAX TRAMP PROGS, causing an array overflow due to the assignment '*progs++ = aux->prog'. This occurs because the 'cnt >= BPF MAX TRAMP PROGS' check does not account for BPF TRAMP MODIFY RETURN bpf programs. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.