SUSE CVE-2021-47649

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot has reported GPF in sgallocappendtablefrompages. The problem was in ubuf-pages == ZEROPTR. ubuf-pagecount is calculated from arguments passed from user-space. If user creates udmabuf with...

SUSE CVE-2021-47657

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...

SUSE CVE-2022-49055

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmallocarray As the kmallocarray may return null, the 'eventwaitersi.wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmallocarray t...

SUSE CVE-2022-49122

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...

SUSE CVE-2022-49148

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Free the page array when watchqueue is dismantled Commit 7ea1a0124b6d "watchqueue: Free the alloc bitmap when the watchqueue is torn down" took care of the bitmap, but not the page array. BUG: memory leak unreferenced...

SUSE CVE-2022-49170

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operat...

SUSE CVE-2022-49249

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 bytes...

SUSE CVE-2022-49251

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...

SUSE CVE-2022-49252

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...

SUSE CVE-2022-49365

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Off by one in dmdmuboutbox1lowirq The ARRAYSIZE should be = ARRAYSIZE to prevent an out of bounds access...

SUSE CVE-2022-49478

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw-unitnumber is initialized with -1 and then if init table walk fails...

SUSE CVE-2022-49548

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpftrampolinegetprogs The cnt value in the 'cnt = BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in...

SUSE CVE-2022-49551

In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1...

CVE-2025-21794 HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usbcheckintendpoints Syzbot1 has detected a stack-out-of-bounds read of the epaddr array from hid-thrustmaster driver. This array is passed to usbcheckintendpoints function...

CVE-2025-21785

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions...

CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate data/instructions...

CVE-2025-21785

The CVE-2025-21785 issue is in the Linux kernel (arm64) cacheinfo handling. A loop that detects/populates cache information previously did a bounds check on the array size but did not account for cache levels with separate data/instructions caches, allowing an out-of-bounds write to the cacheinfo...

CVE-2025-21777 ring-buffer: Validate the persistent meta data subbuf array

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...

CVE-2025-21777 ring-buffer: Validate the persistent meta data subbuf array

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...

CVE-2025-21777

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Validate the persistent meta data subbuf array The meta data for a mapped ring buffer contains an array of indexes of all the subbuffers. The first entry is the reader page, and the rest of the entries lay out the...