SUSE-SU-2026:0033-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50280: pnode: terminate at peers of source bsc1249806. - CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow bsc1251786. -...

OreaHax-Framework

OreaHax-Framework ╔════════════════════════════════════...

CVE-2025-15218

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...

SUSE CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993020)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993020 advisory. In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpicpufreqgetrate cpufreqcpugetraw can return NULL when the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993217)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993217 advisory. In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAPTOMASK Shifting signed 32-bit value by 3...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992750)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992750 advisory. In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device v2 If the DMA mask is not set explicitly, the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993045)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993045 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsiconnectorchange When ucsiinit fails, ucsi-connector is...

EUVD-2023-60513

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

EUVD-2023-60426

In the Linux kernel, the following vulnerability has been resolved: virtio-vdpa: Fix cpumask memory leak in virtiovdpafindvqs Free the cpumask allocated by createaffinitymasks before returning from the function...

CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54295

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-boun...

UBUNTU-CVE-2023-54291

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54291 vduse: fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2023-54291

CVE-2023-54291 affects the Linux kernel’s vduse/vdpa code. The issue is a NULL pointer dereference when vduse_vdpa_set_vq_affinity is called with cpu_mask NULL during device deletion. The patch fixes the crash by resetting the virtqueue IRQ affinity mask to cover all CPUs instead of dereferencing...

CVE-2023-54291 vduse: fix NULL pointer dereference

In the Linux kernel, the following vulnerability has been resolved: vduse: fix NULL pointer dereference vdusevdpasetvqaffinity callback can be called with NULL value as cpumask when deleting the vduse device. This patch resets virtqueue's IRQ affinity mask value to set all CPUs instead of...

CVE-2025-15218

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The...

EUVD-2025-205684

A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing manipulation of the argument lanMask can lead to buffer overflow. The...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the use of null cpumask when setting virtual queue affinities, which could lead to null pointer dereferences...

Tenda M3 安全漏洞

Tenda M3 is a wireless controller AC from Tenda, which is aimed at scenarios such as hotel chains, low-star hotels and small and medium-sized businesses. Tenda M3 heap buffer overflow vulnerability exists, the vulnerability stems from the file / goform / setInternetLanInfo function...