SUSE-SU-2025:20921-1 Recommended update of flake-pilot

This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for...

CVE-2025-55159

A flaw was found in slab. The getdisjointmut method incorrectly validates index boundaries against the slab's capacity rather than its length, enabling a local attacker to access uninitialized memory. This memory access occurs when requesting disjoint mutable references within the slab...

CVE-2025-55159

CVE-2025-55159 concerns the slab crate (Rust) where in version 0.4.10 get_disjoint_mut incorrectly validated indices against the slab length instead of capacity, enabling access to uninitialized memory. This could cause undefined behavior or crashes. The issue has been fixed in slab 0.4.11. A pra...

CVE-2025-55159 slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...

CVE-2025-55159 slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the getdisjointmut method incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. This has...

slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check

Impact The getdisjointmut method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowing access to uninitialized memory. This could lead to undefined behavior or potential crashes. Patches This has been fixed in slab v0.4.11. Workarounds Avoi...

CVE-2025-38052 net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done

In the Linux kernel, the following vulnerability has been resolved: net/tipc: fix slab-use-after-free Read in tipcaeadencryptdone Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-use-after-free...

CVE-2025-37774 slab: ensure slab->obj_exts is clear in a newly allocated slab page

In the Linux kernel, the following vulnerability has been resolved: slab: ensure slab-objexts is clear in a newly allocated slab page ktest recently reported crashes while running several buffered io tests with alloctaggingslaballochook at the top of the crash call stack. The signature indicates ...

PT-2025-32595

Name of the Vulnerable Software and Affected Versions: slab versions prior to 0.4.11 Description: slab is a pre-allocated storage for a uniform data type. In version 0.4.10, the get disjoint mut function incorrectly checked if indices were within the slab's capacity instead of its length,...

CVE-2024-56560

In the Linux kernel, the following vulnerability has been resolved: slab: Fix too strict alignment check in createcache On m68k, where the minimum alignment of unsigned long is 2 bytes: Kernel panic - not syncing: kmemcachecreateargs: Failed to create slab 'iokiocb'. Error -22 CPU: 0 UID: 0 PID: ...

Linux kernel slab out-of-bounds read vulnerability

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A slab out-of-bounds read vulnerability exists in hciextendedinquiryresultevt in net/bluetooth/hcievent.c in versions...

Linux kernel slab out-of-bounds write access vulnerability (CNVD-2020-00261)

The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. Linux kernel 5.0.21 suffers from a slab out-of-bounds write access vulnerability. The vulnerability stems from the fa...