Zhen Lei

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.10.45-rc1+ **Description** The issue is related to the execution of `fb delete videomode()` not being based on the result of the previous `fbcon mode deleted()`, leading to the direct deletion of a mode regardless of whether it is still in use. This may cause a use-after-free (UAF) vulnerability. The vulnerability is identified in the `fb mode is equal()` function in `drivers/video/fbdev/core/modedb.c`. **Recommendations** To resolve the issue, update the Linux kernel to a version that includes the fix for this vulnerability. As a temporary workaround, consider disabling the `fb delete videomode()` function until a patch is available. Restrict access to the vulnerable module `drivers/video/fbdev/core/modedb.c` to minimize the risk of exploitation. Avoid using the `fb set var()` function in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A vulnerability has been resolved in the Linux kernel. The issue is related to the `hw breakpoint` feature, where the `overflow handler` hook is not properly checked. A commit set a default `event->overflow handler` in `perf event alloc()`, but one check is missing, resulting in `bp->overflow handler` never being `NULL`. As a consequence, `enable single step()` is always not invoked. The vulnerability is related to the `perf/core` component and the `is default overflow handler()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.