SUSE CVE-2023-54162

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible memory leak in smb2lock argv needs to be free when setupasyncwork fails or when the current process is woken up...

SUSE CVE-2023-54231

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix memory leak in wxsetuprxresources When wxallocpagepool failed in wxsetuprxresources, it doesn't release DMA buffer. Add dmafreecoherent in the error path to release the DMA buffer...

SUSE CVE-2023-54233

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

SUSE CVE-2023-54241

In the Linux kernel, the following vulnerability has been resolved: MIPS: KVM: Fix NULL pointer dereference After commit 45c7e8af4a5e3f0bea4ac209 "MIPS: Remove KVMTE support" we get a NULL pointer dereference when creating a KVM guest: 146.243409 Starting KVM with MIPS VZ extensions 149.849151 CP...

SUSE CVE-2023-54294

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993258)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993258 advisory. In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setupbasectxt setupbasectxt allocates a memory chunk for...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992707)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992707 advisory. In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispcovlsetup is not intended to work with the...

CVE-2025-15258 Edimax BR-6208AC Web-based Configuration formALGSetup redirect

A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be...

EUVD-2025-205600

phpMyFAQ has unauthenticated config backup download via /api/setup/backup...

EUVD-2023-60510

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

EUVD-2023-60390

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: Limit TCATAPRIOATTRSCHEDCYCLETIME to INTMAX. syzkaller found zero division error 0 in divs64rem called from getcycletimeelapsed, where sched-cycletime is the divisor. We have tests in parsetaprioschedule so tha...

EUVD-2023-60408

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: avoid a NULL dereference with unsupported widgets If an IPC4 topology contains an unsupported widget, its .moduleinfo field won't be set, then sofipc4routesetup will cause a kernel Oops trying to dereference it. Add a...

EUVD-2022-55861

In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag8021q: avoid leaking ctx on dsatag8021qregister error path If dsatag8021qsetup fails, for example due to the inability of the device to install a VLAN, the tag8021q context of the switch will leak. Make sure it is...

CVE-2023-54294

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

CVE-2023-54294

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...

CVE-2023-54193

In the Linux kernel, the following vulnerability has been resolved: net/sched: clsapi: remove blockcb from driverlist before freeing Error handler of tcfblockbind frees the whole bo-cblist on error. However, by that time the flowblockcb instances are already in the driver list because driver...

UBUNTU-CVE-2023-54231

In the Linux kernel, the following vulnerability has been resolved: net: libwx: fix memory leak in wxsetuprxresources When wxallocpagepool failed in wxsetuprxresources, it doesn't release DMA buffer. Add dmafreecoherent in the error path to release the DMA buffer...

CVE-2022-50837

In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag8021q: avoid leaking ctx on dsatag8021qregister error path If dsatag8021qsetup fails, for example due to the inability of the device to install a VLAN, the tag8021q context of the switch will leak. Make sure it is...

UBUNTU-CVE-2022-50837

In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag8021q: avoid leaking ctx on dsatag8021qregister error path If dsatag8021qsetup fails, for example due to the inability of the device to install a VLAN, the tag8021q context of the switch will leak. Make sure it is...

CVE-2023-54294 md/raid10: fix memleak of md thread

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak of md thread In raid10run, if setupconf succeed and raid10run failed before setting 'mddev-thread', then in the error path 'conf-thread' is not freed. Fix the problem by setting 'mddev-thread' right after...