diff --git a/OpenCL/m20500_a3-pure.cl b/OpenCL/m20500_a3-pure.cl
index 7d5fdb59a..6adec0dc1 100644
--- a/OpenCL/m20500_a3-pure.cl
+++ b/OpenCL/m20500_a3-pure.cl
@@ -296,7 +296,7 @@ KERNEL_FQ void m20500_sxx (KERN_ATTR_VECTOR ())
 u32 prep1 = digests_buf[DIGESTS_OFFSET].digest_buf[1];
 u32 prep2 = digests_buf[DIGESTS_OFFSET].digest_buf[2];
- for (u32 pos = pw_len - 1; pos >= 4; pos--)
+ for (int pos = pw_len - 1; pos >= 4; pos--)
 {
 const u32 t = hc_bfe_S (pws[gid].i[pos / 4], (pos & 3) * 8, 8);
diff --git a/docs/changes.txt b/docs/changes.txt
index 117252ae1..9e6862f00 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -22,6 +22,7 @@
 - Fixed invalid data type in the sha384_hmac_init_vector_128() function that take effect if the vector data type was specified manually
 - Fixed out-of-boundary read in input_tokenizer() if the signature in the hash is longer than the length of the plugin's signature constant
 - Fixed out-of-boundary read in the Stuffit5 module in hash_decode()
+- Fixed out-of-boundary read in PKZIP masterkey kernel if the password candidate has length zero
 - Fixed random rule generator option --generate-rules-func-min by fixing switch() case to not select a not existing option group type
 - Fixed segfault when a combination of the flags --user and --show is given and a hash was specified directly on the command line
 - Fixed syntax check of HAS_VPERM macro in several kernel includes causing invalid error message for AMD GPUs on Windows
diff --git a/include/types.h b/include/types.h
index 528887e4a..e180da4e8 100644
--- a/include/types.h
+++ b/include/types.h
@@ -1242,6 +1242,7 @@ typedef struct hc_device_param
 u32 kernel_loops_min_sav; // the _sav are required because each -i iteration
 u32 kernel_loops_max_sav; // needs to recalculate the kernel_loops_min/max based on the current amplifier count
 u32 kernel_threads;
+ u32 kernel_threads_prev;
 u32 kernel_threads_min;
 u32 kernel_threads_max;
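Review bot: The loop in m20500_sxx now depends on `pos` being signed so that a zero-length candidate gives -1 and the body is skipped, but nothing at the loop says so. A later cleanup back to `u32` would silently bring back the out-of-bounds read of `pws[gid].i[pos / 4]`. I would add `// pos must stay signed: pw_len == 0 gives pos == -1 and the loop is skipped` above the `for`. Only m20500_sxx is visible here; if m20500_mxx or the other m20500 kernel files carry the same loop, they need the same change. The kernel body starts and ends outside the hunk.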
diff --git a/src/autotune.c b/src/autotune.c
index 9f2ac312c..a9b4184b7 100644
--- a/src/autotune.c
+++ b/src/autotune.c
@@ -196,7 +196,9 @@ static int autotune (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param
 // from here it's clear we are allowed to autotune
 // so let's init some fake words
- const u32 kernel_power_max = device_param->hardware_power * kernel_accel_max;
+ const u32 hardware_power_max = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_param->device_processors) * kernel_threads_max;
+
+ const u32 kernel_power_max = hardware_power_max * kernel_accel_max;
 if (device_param->is_cuda == true)
 {
diff --git a/src/backend.c b/src/backend.c
index aa632f2f1..8c1da3e38 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -10705,8 +10705,6 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 u64 size_total_host_all = 0;
- u32 hardware_power_all = 0;
-
 for (int backend_devices_idx = 0; backend_devices_idx < backend_ctx->backend_devices_cnt; backend_devices_idx++)
 {
 /**
@@ -14497,7 +14495,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 // device_param->kernel_threads = kernel_threads;
 device_param->kernel_threads = 0;
- device_param->hardware_power = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_processors) * device_param->kernel_threads_max;
+ u32 hardware_power_max = ((hashconfig->opts_type & OPTS_TYPE_MP_MULTI_DISABLE) ? 1 : device_processors) * device_param->kernel_threads_max;
 u32 kernel_accel_min = device_param->kernel_accel_min;
 u32 kernel_accel_max = device_param->kernel_accel_max;
@@ -14520,7 +14518,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 // this is device_processors * kernel_threads
- accel_limit /= device_param->hardware_power;
+ accel_limit /= hardware_power_max;
 // single password candidate size
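Review bot: The `hardware_power_max` expression in autotune () is a hand-copied duplicate of the one in backend_session_begin (), built from different operands (`device_param->device_processors` and a local `kernel_threads_max` here, a local `device_processors` and `device_param->kernel_threads_max` there). The fake words are written for `kernel_power_max` entries, and the device buffers appear to be sized from the backend.c value, so the two copies have to agree or the init loop can run past the allocation. I would either compute the value in one shared helper or at least add `// must equal hardware_power_max in backend_session_begin (), which sized the buffers filled below`. The product is also held in a `u32` here while backend.c stores it in a `u64`. autotune () continues outside the hunk, so whether `kernel_threads_max` equals `device_param->kernel_threads_max` at this point is not visible.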
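Review bot: `accel_limit /= hardware_power_max;` in the `-14520` hunk of backend_session_begin () divides by a value that is zero whenever `device_processors` or `device_param->kernel_threads_max` is zero, and no visible line rules that out. The only zero check this function had (`if (hardware_power_all == 0) return -1;`) is deleted further down by the same commit, and it ran after the division anyway. A guard right after the declaration would make the failure explicit, for example `if (hardware_power_max == 0) return -1;`. The surrounding code is outside the hunk, so an earlier check on these two inputs may already exist.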
@@ -14563,7 +14561,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 while (kernel_accel_max >= kernel_accel_min)
 {
- const u64 kernel_power_max = device_param->hardware_power * kernel_accel_max;
+ const u64 kernel_power_max = hardware_power_max * kernel_accel_max;
 // size_pws
@@ -14736,7 +14734,7 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 {
 while (kernel_accel_max > kernel_accel_min)
 {
- const u64 kernel_power_max = device_param->hardware_power * kernel_accel_max;
+ const u64 kernel_power_max = hardware_power_max * kernel_accel_max;
 if (kernel_power_max > hashes->salts_cnt)
 {
@@ -15050,18 +15048,9 @@ int backend_session_begin (hashcat_ctx_t *hashcat_ctx)
 }
 }
- hardware_power_all += device_param->hardware_power;
-
 EVENT_DATA (EVENT_BACKEND_DEVICE_INIT_POST, &backend_devices_idx, sizeof (int));
 }
- if (user_options->benchmark == false)
- {
- if (hardware_power_all == 0) return -1;
- }
-
- backend_ctx->hardware_power_all = hardware_power_all;
-
 EVENT_DATA (EVENT_BACKEND_SESSION_HOSTMEM, &size_total_host_all, sizeof (u64));
 return 0;
@@ -15550,8 +15539,12 @@ void backend_session_reset (hashcat_ctx_t *hashcat_ctx)
 #else
 device_param->timer_speed.tv_sec = 0;
 #endif
+
+ device_param->kernel_power = 0;
+ device_param->hardware_power = 0;
 }
+ backend_ctx->hardware_power_all = 0;
 backend_ctx->kernel_power_all = 0;
 backend_ctx->kernel_power_final = 0;
 }
diff --git a/src/dispatch.c b/src/dispatch.c
index 78be36598..3f60ecc21 100644
--- a/src/dispatch.c
+++ b/src/dispatch.c
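Review bot: `const u64 kernel_power_max = hardware_power_max * kernel_accel_max;` multiplies two `u32` values, so the product is truncated to 32 bits before it is widened to `u64`. Both operands are declared `u32` in the `-14497` hunk. The result feeds the size calculation under `// size_pws`, so a wrapped product would under-size the buffers rather than fail loudly. Widening one operand fixes it: `const u64 kernel_power_max = (u64) hardware_power_max * kernel_accel_max;`. The same line in the `-14736` hunk needs the same cast; both loops continue outside their hunks.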
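Review bot: backend_session_reset () now clears `kernel_power` and `hardware_power` per device but not the new `kernel_threads_prev` field. status_get_kernel_threads_dev () returns that field whenever it is non-zero, so after a reset the status output would keep showing the previous session's thread count until calc () runs again. I would add `device_param->kernel_threads_prev = 0;` next to the two new assignments. The top of the per-device loop is outside the hunk, so it is not visible whether `kernel_accel_prev` and `kernel_loops_prev` are already reset there. If they are, this field belongs beside them.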
@@ -321,11 +321,13 @@ static int calc_stdin (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_par
 if (device_param->speed_only_finish == true) break;
 }
- device_param->kernel_accel_prev = device_param->kernel_accel;
- device_param->kernel_loops_prev = device_param->kernel_loops;
+ device_param->kernel_accel_prev = device_param->kernel_accel;
+ device_param->kernel_loops_prev = device_param->kernel_loops;
+ device_param->kernel_threads_prev = device_param->kernel_threads;
- device_param->kernel_accel = 0;
- device_param->kernel_loops = 0;
+ device_param->kernel_accel = 0;
+ device_param->kernel_loops = 0;
+ device_param->kernel_threads = 0;
 if (iconv_enabled == true)
 {
@@ -1579,11 +1581,13 @@ static int calc (hashcat_ctx_t *hashcat_ctx, hc_device_param_t *device_param)
 }
 }
- device_param->kernel_accel_prev = device_param->kernel_accel;
- device_param->kernel_loops_prev = device_param->kernel_loops;
+ device_param->kernel_accel_prev = device_param->kernel_accel;
+ device_param->kernel_loops_prev = device_param->kernel_loops;
+ device_param->kernel_threads_prev = device_param->kernel_threads;
- device_param->kernel_accel = 0;
- device_param->kernel_loops = 0;
+ device_param->kernel_accel = 0;
+ device_param->kernel_loops = 0;
+ device_param->kernel_threads = 0;
 return 0;
 }
diff --git a/src/status.c b/src/status.c
index c26e43e51..921c9be55 100644
--- a/src/status.c
+++ b/src/status.c
@@ -2194,6 +2194,8 @@ int status_get_kernel_threads_dev (const hashcat_ctx_t *hashcat_ctx, const int b
 if (device_param->skipped_warning == true) return 0;
+ if (device_param->kernel_threads_prev) return device_param->kernel_threads_prev;
+
 return device_param->kernel_threads;
 }
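Review bot: The save-and-clear sequence is now six assignments long and is repeated verbatim at the end of calc_stdin () and calc (), so the next tuning field has to be added in two places again. Moving it into one static helper keeps the two exits in step, and gives a single place to document why the live values are zeroed after being copied to the `_prev` fields. The helper name below is only a suggestion. Both functions start outside their hunks.
```c
static void kernel_params_save_and_clear (hc_device_param_t *device_param)
{
  // keep the last tuned values for the status display, then clear the live ones
  device_param->kernel_accel_prev   = device_param->kernel_accel;
  device_param->kernel_loops_prev   = device_param->kernel_loops;
  device_param->kernel_threads_prev = device_param->kernel_threads;

  device_param->kernel_accel   = 0;
  device_param->kernel_loops   = 0;
  device_param->kernel_threads = 0;
}

// … unchanged: body of calc_stdin () and of calc () up to the save-and-clear block …
kernel_params_save_and_clear (device_param);
```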
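Review bot: The new early return in status_get_kernel_threads_dev () prefers `kernel_threads_prev` whenever it is non-zero, even while `kernel_threads` holds a live value for the running pass, so the status line can lag one pass behind. If the intent is only to cover the window where dispatch.c has zeroed `kernel_threads`, the fallback reads more directly as `if (device_param->kernel_threads == 0) return device_param->kernel_threads_prev;`. If the order is deliberate, presumably to match the accel and loops getters that are not visible here, a one-line comment saying so would help. The condition would also match the explicit style of the line above it as `kernel_threads_prev > 0`. The function starts outside the hunk.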