An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the way a user triggers ioctl FBIOPUT_VSCREENINFO with malicious data. This flaw allows a local user to crash or potentially escalate their privileges on the system. The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol. This allows Xen PV guest OS users to cause a denial of service or gain privileges. An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice