59854 matches found
SUSE CVE-2022-49328
In the Linux kernel, the following vulnerability has been resolved: mt76: fix use-after-free by removing a non-RCU wcid pointer Fixes an issue caught by KASAN about use-after-free in mt76txqschedule by protecting mtxq-wcid with rculock between mt76txqschedule and stainfoalloc, free. 18853.876689...
SUSE CVE-2022-49541
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/showbug.cgi?id=2088799...
SUSE CVE-2022-49592
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTLRXQDMAMAP1. If CONFIGUBSAN is enabled, kernel dumps below warning...
SUSE CVE-2022-49610
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...
SUSE CVE-2024-56654
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcievent: Fix using rcureadunlock while iterating The usage of rcureadunlock while inside listforeachentryrcu is not safe since for the most part entries fetched this way shall be treated as rcudereference: Note that t...
SUSE CVE-2024-53215
In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpucounter in svcrdmaprocinit There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC:...
SUSE CVE-2024-53227
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfadimmoduleexit BUG: KASAN: slab-use-after-free in lockacquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: dumpstacklvl+0x95/0xe0 printreport+0xcb/0x6...
SUSE CVE-2022-49021
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 1 PREEMPT SMP KASAN PTI CPU: 1...
SUSE CVE-2024-50007
In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This patch adds a sanity che...
SUSE CVE-2024-50045
In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: fix panic with metadatadst skb Fix a kernel panic in the brnetfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in brnfdevqueuexmit. It is...
SUSE CVE-2024-47728
In the Linux kernel, the following vulnerability has been resolved: bpf: Zero former ARGPTRTOLONG,INT args in case of error For all non-tracing helpers which formerly had ARGPTRTOLONG,INT as input arguments, zero the value for the case of an error as otherwise it could leak memory. For tracing, i...
SUSE CVE-2024-47669
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix state management in error path of log writing function After commit a694291a6211 "nilfs2: separate wait function from nilfssegctorwrite" was applied, the log writing function nilfssegctordoconstruct was able to issue...
SUSE CVE-2023-2314
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2024-46828
In the Linux kernel, the following vulnerability has been resolved: sched: schcake: fix bulk flow accounting logic for host fairness In schcake, we keep track of the count of active bulk flows per host, when running in dst/src host fairness mode, which is used as the round-robin weight when...
SUSE CVE-2024-46679
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: exception RIP: qedgetcurrentlink+17 ...
SUSE CVE-2024-43841
In the Linux kernel, the following vulnerability has been resolved: wifi: virtwifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virtwifi has advertised, the cfg80211connectresult will trigger the warning: WARNONbssnotfound. T...
SUSE CVE-2024-41098
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix null pointer dereference on error If the ataportalloc call in atahostalloc fails, atahostrelease will get called. However, the code in atahostrelease tries to free ataport struct members unconditionally, whi...
SUSE CVE-2024-40940
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail In case of flow rule creation fail in mlx5lagcreateportseltable, instead of previously created rules, the tainted pointer is deleted deveral times. Fix this...
SUSE CVE-2024-39494
In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name -dname.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it -dlock on dentry, -dlock on its parent, -irwsem exclusive on th...
SUSE CVE-2020-28595
An out-of-bounds write vulnerability exists in the Obj.cpp loadobj functionality of Prusa Research PrusaSlicer 2.2.0 and Master commit 4b040b856. A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...
SUSE CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
SUSE CVE-2024-5840
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Medium...
SUSE CVE-2023-2124
An out-of-bounds memory access flaw was found in the Linux kernel's XFS file system in how a user restores an XFS image after failure with a dirty log journal. This flaw allows a local user to crash or potentially escalate their privileges on the system...
SUSE CVE-2021-47393
In the Linux kernel, the following vulnerability has been resolved: hwmon: mlxreg-fan Return non-zero value when fan current state is enforced from sysfs Fan speed minimum can be enforced from sysfs. For example, setting current fan speed to 20 is used to enforce fan speed to be at 100% speed, 19...
SUSE CVE-2021-47498
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updating nrrequests or...
SUSE CVE-2023-52781
In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usbgetbosdescriptor' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usbgetbosdescriptor' encounters an iterati...
SUSE CVE-2024-27417
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix potential "struct net" leak in inet6rtmgetaddr It seems that if userspace provides a correct IFATARGETNETNSID value but no IFAADDRESS and IFALOCAL attributes, inet6rtmgetaddr returns -EINVAL with an elevated "struct net...
SUSE CVE-2024-35822
In the Linux kernel, the following vulnerability has been resolved: usb: udc: remove warning when queue disabled ep It is possible trigger below warning message from mass storage function, WARNING: CPU: 6 PID: 3839 at drivers/usb/gadget/udc/core.c:294 usbepqueue+0x7c/0x104 pc :...
SUSE CVE-2024-26958
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcountt: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...
SUSE CVE-2024-26956
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix failure to detect DAT corruption in btree and direct mappings Patch series "nilfs2: fix kernel bug at submitbhwbc". This resolves a kernel BUG reported by syzbot. Since there are two flaws involved, I've made each one...
SUSE CVE-2024-26846
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: do not wait in vain when unloading module The module exit path has race between deleting all controllers and freeing 'left over IDs'. To prevent double free a synchronization between nvmedeletectrl and idadestroy has bee...
SUSE CVE-2021-47177
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in allociommu iommudevicesysfsadd is called before, so is has to be cleaned on subsequent errors...
SUSE CVE-2023-52515
In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: Do not call scsidone from srpabort After scmdehaborthandler has called the SCSI LLD ehaborthandler callback, it performs one of the following actions: Call scsiqueueinsert. Call scsifinishcommand. Call scsiehscmdadd...
SUSE CVE-2021-47061
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure after sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guaranteed to see the new...
SUSE CVE-2021-46981
In the Linux kernel, the following vulnerability has been resolved: nbd: Fix NULL pointer in flushworkqueue Open /dev/nbdX first, the configrefs will be 1 and the pointers in nbddevice are still null. Disconnect /dev/nbdX, then reference a null recvworkq. The protection by configrefs in...
SUSE CVE-2007-6209
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files...
SUSE CVE-2010-0094
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18 and 5.0 Update 23 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March...
SUSE CVE-2010-4508
The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 does not properly perform proxy upgrade negotiation, which has unspecified impact and remote attack vectors, related to an "inherent problem" with the WebSocket specification...
SUSE CVE-2016-6816
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a...
SUSE CVE-2019-8942
WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an wpattachedfile Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image...
SUSE CVE-2019-12815
An arbitrary file copy vulnerability in modcopy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306...
SUSE CVE-2019-14523
An issue was discovered in Schism Tracker through 20190722. There is an integer underflow via a large plen in fmtoktloadsong in the Amiga Oktalyzer parser in fmt/okt.c...
SUSE CVE-2020-12659
An issue was discovered in the Linux kernel before 5.6.7. xdpumemreg in net/xdp/xdpumem.c has an out-of-bounds write by a user with the CAPNETADMIN capability because of a lack of headroom validation...
SUSE CVE-2020-26145
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second or subsequent broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets...
SUSE CVE-2021-22923
When curl is instructed to get content using the metalink feature, and a user name and password are used to download the metalink XML file, those same credentials are then subsequently passed on to each of the servers from which curl will download or try to download the contents from. Often...
SUSE CVE-2021-26930
An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later...
SUSE CVE-2021-28950
An issue was discovered in fs/fuse/fusei.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1...
SUSE CVE-2021-29646
An issue was discovered in the Linux kernel before 5.11.11. tipcnlretrievekey in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8...
SUSE CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quotatree.c does not validate the block number in the quota tree on disk. This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file...
SUSE CVE-2022-2503
Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module/firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out the target with an equivalent dm-linear...