In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits.

The flaw is in the seqiv IV generator and can lead to a use-after-free when backlogged crypto requests return -EBUSY. Triggering it is easier locally by flooding the kernel crypto API (e.g. via AF_ALG or many concurrent AEAD requests) because the attacker must create backlog conditions. Remote triggering is much harder and only realistic for specific configurations (for example an in-kernel IPsec/TLS path that uses seqiv for AEAD). In practice this means an unprivileged local user with access to the kernel crypto interface is the most likely threat vector, while a remote attacker would need the target to both use seqiv and be inducible into heavy crypto backlog.

A local unprivileged user can trigger this issue by creating deeply nested chains of epoll file descriptors using the standard epoll_create and epoll_ctl syscalls. No special capabilities or elevated rights are required — any user with the ability to open file descriptors can exploit it. This can lead to excessive kernel stack usage and ultimately a denial of service (system crash).

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors.