Zhaolong Wang

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a NULL pointer dereference in the Linux kernel's mtd module, specifically when the ftl notifier is triggered and tries to access `gluebi->desc` in `gluebi read()`. This occurs when both ftl.ko and gluebi.ko are loaded. The normal case involves obtaining `gluebi->desc` in `gluebi get device()` and accessing it in `gluebi read()`, but `gluebi get device()` is not executed in advance in the `ftl add mtd()` process, leading to the NULL pointer dereference. The solution involves running jffs2 on the UBI volume without considering working with ftl or mtdblock. This problem can be avoided by preventing gluebi from creating the mtdblock device after creating an mtd partition of the type MTD UBIVOLUME. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the cifs component of the Linux kernel. When the network status is unstable, use-after-free may occur when reading data from the server. The vulnerability can be triggered by specific function calls, including `readpages fill pages`, `cifs read page from socket`, `cifs readv from socket`, `cifs reconnect`, and ` cifs reconnect`. The `mid->callback()` function, which calls `smb2 readv callback`, can also lead to the use-after-free of the `rdata` pointer. This vulnerability can potentially allow an attacker to elevate privileges in the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.