SUSE CVE-2026-31631

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix buffer overread in rxgkdoverifyauthenticator Fix rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

SUSE CVE-2026-23205

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4...

SUSE CVE-2026-23090

In the Linux kernel, the following vulnerability has been resolved: slimbus: core: fix device reference leak on report present Slimbus devices can be allocated dynamically upon reception of report-present messages. Make sure to drop the reference taken when looking up already registered devices...

SUSE CVE-2023-54198

In the Linux kernel, the following vulnerability has been resolved: tty: fix out-of-bounds access in ttydriverlookuptty When specifying an invalid console= device like console=tty3270, ttydriverlookuptty returns the tty struct without checking whether index is a valid number. To reproduce:...

SUSE CVE-2025-66406

Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. This vulnerability is fixed in 0.29.0...

SUSE CVE-2025-40299

In the Linux kernel, the following vulnerability has been resolved: gve: Implement gettimex64 with -EOPNOTSUPP gve implemented a ptpclock for sole use of doauxwork at this time. ptpclockgettime and ptpsysoffset assume every ptpclock has implemented either gettimex64 or gettime64. Stub gettimex64...

SUSE CVE-2025-40109

In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure setent is always present Ensure that setent is always set since only drbg provides it...

SUSE CVE-2023-53505

In the Linux kernel, the following vulnerability has been resolved: clk: tegra: tegra124-emc: Fix potential memory leak The tegra and tegra needs to be freed in the error handling path, otherwise it will be leaked...

SUSE CVE-2023-53312

In the Linux kernel, the following vulnerability has been resolved: net: fix netdevstartxmit trace event vs skbtransportoffset After blamed commit, we must be more careful about using skbtransportoffset, as reminded us by syzbot: WARNING: CPU: 0 PID: 10 at include/linux/skbuff.h:2868...

SUSE CVE-2025-38501

In the Linux kernel, the following vulnerability has been resolved: ksmbd: limit repeated connections from clients with the same IP Repeated connections from clients with the same IP address may exhaust the max connections and prevent other normal client connections. This patch limit repeated...

SUSE CVE-2025-38493

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix crash in timerlatdumpstack We have observed kernel panics when using timerlat with stack saving, with the following dmesg output: memcpy: detected buffer overflow: 88 byte write of buffer size 0 WARNING: CPU:...

SUSE CVE-2022-50153

In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehcihcdppcofprobe offindcompatiblenode returns a node pointer with refcount incremented, we should use ofnodeput on it when done. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2025-37817

In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleonparsegdd In chameleonparsegdd, if mcbdeviceregister fails, 'mdev' would be released in mcbdeviceregister via putdevice. Thus, goto 'err' label and free 'mdev' again causes a double free. Jus...

SUSE CVE-2025-31498

c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...

SUSE CVE-2022-49146

In the Linux kernel, the following vulnerability has been resolved: virtio: use virtiodeviceready in virtiodevicerestore After waking up a suspended VM, the kernel prints the following trace for virtio drivers which do not directly call virtiodeviceready in the .restore: PM: suspend exit irq 22:...

SUSE CVE-2022-49498

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Check for null pointer of pointer substream before dereferencing it Pointer substream is being dereferenced on the assignment of pointer card before substream is being null checked with the macro PCMRUNTIMECHECK...

SUSE CVE-2025-21651

In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: 16.324639 Call trace:...

SUSE CVE-2024-56547

In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torturetype=rcu fwdprogress=8 nbarriercbs=8 nocbsnthreads=8 nocbstoggle=100 onoffinterval=60 testboost=2, will trigger the following warning...

SUSE CVE-2024-53981

python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks CR \r or LF \n in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...

SUSE CVE-2024-46802

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: added NULL check at start of dcvalidatestream Why prevent invalid memory access How check if dc and stream are NULL...