59380 matches found
SUSE CVE-2022-49604
In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctlipfwdusepmtu. While reading sysctlipfwdusepmtu, it can be changed concurrently. Thus, we need to add READONCE to its readers...
SUSE CVE-2025-27219
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service DoS vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when...
SUSE CVE-2024-2746
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit...
SUSE CVE-2024-38472
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...
SUSE CVE-2025-21664
In the Linux kernel, the following vulnerability has been resolved: dm thin: make getfirstthin use rcu-safe list first function The documentation in rculist.h explains the absence of listemptyrcu and cautions programmers against relying on a listempty - listfirst sequence in RCU safe code. This i...
SUSE CVE-2025-21635
In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rdstcprcv,sndbuf: avoid using current-nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the...
SUSE CVE-2024-48873
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211probereqget for RNR The return value of ieee80211probereqget might be NULL, so check it before using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 "Dereference null retur...
SUSE CVE-2024-56616
In the Linux kernel, the following vulnerability has been resolved: drm/dpmst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC aka message data CRC at the end of the message. This fixes a...
SUSE CVE-2024-56729
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid-tcon before performing network ops Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cacheddirleasebreak and...
SUSE CVE-2024-56745
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix resetmethodstore memory leak In resetmethodstore, a string is allocated via kstrndup and assigned to the local "options". options is then used in with strsep to find spaces: while name = strsep&options, " " != NULL If...
SUSE CVE-2024-56573
In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdlineptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed whe...
SUSE CVE-2024-53163
In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat420xx - fix off by one in uofgetname This is called from uofgetname420xx where "numobjs" is the ARRAYSIZE of fwobjs. The needs to be = to prevent an out of bounds access...
SUSE CVE-2024-53121
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock...
SUSE CVE-2023-52922
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcmprocshow BUG: KASAN: slab-use-after-free in bcmprocshow+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 230 Hardwar...
SUSE CVE-2024-50215
In the Linux kernel, the following vulnerability has been resolved: nvmet-auth: assign dhkey to NULL after kfreesensitive ctrl-dhkey might be used across multiple calls to nvmetsetupdhgroup for the same controller. So it's better to nullify it after release on error path in order to avoid double...
SUSE CVE-2024-50218
In the Linux kernel, the following vulnerability has been resolved: ocfs2: pass u64 to ocfs2truncateinline maybe overflow Syzbot reported a kernel BUG in ocfs2truncateinline. There are two reasons for this: first, the parameter value passed is greater than ocfs2maxinlinedatawithxattr, second, the...
SUSE CVE-2024-50230
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of checked flag Syzbot reported that in directory operations after nilfs2 detects filesystem corruption and degrades to read-only, blockwritebeginint, which is called to prepare bloc...
SUSE CVE-2024-50259
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsimnexthopbucketactivitywrite This was found by a static analyzer. We should not forget the trailing zero after copyfromuser if we will further do some string operations,...
SUSE CVE-2024-50184
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtiopmemflush, causing the system to hang. So add a status check in the beginning o...
SUSE CVE-2024-50099
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR literal uprobe support The simulateldrliteral and simulateldrswliteral functions are unsafe to use for uprobes. Both functions were originally written for use with kprobes, and access memory with...
SUSE CVE-2024-49902
In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmtleafidx greater than num leaves per dmap tree, add a checking for dmtleafidx in dbFindLeaf. Shaggy: Modified sani...
SUSE CVE-2024-49924
In the Linux kernel, the following vulnerability has been resolved: fbdev: pxafb: Fix possible use after free in pxafbtask In the pxafbprobe function, it calls the pxafbinitfbinfo function, after which &fbi-task is associated with pxafbtask. Moreover, within this pxafbinitfbinfo function, the...
SUSE CVE-2024-49863
In the Linux kernel, the following vulnerability has been resolved: vhost/scsi: null-ptr-dereference in vhostscsigetreq Since commit 3f8ca2e115e5 "vhost/scsi: Extract common handling code from control queue handler" a null pointer dereference bug can be triggered when guest sends an SCSI AN...
SUSE CVE-2024-49982
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 "aoe: fix the potential use-after-free problem in aoecmdcfgpkts" makes tx calling devput instead of doing in aoecmdcfgpkts. It...
SUSE CVE-2024-49881
In the Linux kernel, the following vulnerability has been resolved: ext4: update origpath in ext4findextent In ext4findextent, if the path is not big enough, we free it and set origpath to NULL. But after reallocating and successfully initializing the path, we don't update origpath, in which case...
SUSE CVE-2024-49946
In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in pppchannelbridgeinput Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...
SUSE CVE-2024-47742
In the Linux kernel, the following vulnerability has been resolved: firmwareloader: Block path traversal Most firmware names are hardcoded strings, or are constructed from fairly constrained format strings where the dynamic parts are just some hex numbers or such. However, there are a couple...
SUSE CVE-2023-2314
Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
SUSE CVE-2024-46815
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check numvalidsets before accessing readerwmsets WHY & HOW numvalidsets needs to be checked to avoid a negative index when accessing readerwmsetsnumvalidsets - 1. This fixes an OVERRUN issue reported by Coverity...
SUSE CVE-2024-46859
In the Linux kernel, the following vulnerability has been resolved: platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses The panasonic laptop code in various places uses the SINF array with index values of 0 - SINFCURBRIGHT0x0d without checking that the SINF array is big enough...
SUSE CVE-2024-46864
In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: fix kexec crash due to VP assist page corruption commit 9636be85cc5b "x86/hyperv: Fix hypervpcpuinputarg handling when CPUs go online/offline" introduces a new cpuhp state for hyperv initialization. cpuhpsetupstate...
SUSE CVE-2024-46761
In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnvphp: Fix hotplug driver crash on Powernv The hotplug driver for powerpc pci/hotplug/pnvphp.c causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The crash occurs because...
SUSE CVE-2024-43889
In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padatamthelper We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. 10.017908 Oops: divide error: 0000 1 PREEMPT SMP NOPTI 10.017908 CPU: 26 PID: 2627...
SUSE CVE-2024-43863
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a deadlock in dma buf fence polling Introduce a version of the fence ops that on release doesn't remove the fence from the pending list, and thus doesn't require a lock to fix poll-fence wait-fence unref deadlocks...
SUSE CVE-2024-42265
In the Linux kernel, the following vulnerability has been resolved: protect the fetch of -fdfd in dodup2 from mispredictions both callers have verified that fd is not greater than -maxfds; however, misprediction might end up with tofree = fdt-fdfd; being speculatively executed. That's wrong for t...
SUSE CVE-2024-41022
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdmav40processtrapirq The "instance" variable needs to be signed for the error handling to work...
SUSE CVE-2024-41056
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Use strnlen on name fields in V1 wmfw files Use strnlen instead of strlen on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-terminated string in a fixed-size...
SUSE CVE-2024-41072
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check In 'cfg80211wextsiwscan', add extra check whether number of channels passed via 'ioctlsock, SIOCSIWSCAN, ...' doesn't exceed IWMAXFREQUENCIES and reject invalid request with...
SUSE CVE-2024-42156
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key...
SUSE CVE-2024-40998
In the Linux kernel, the following vulnerability has been resolved: ext4: fix uninitialized ratelimitstate-lock access in ext4fillsuper In the following concurrency we will access the uninitialized rs-lock: ext4fillsuper ext4registersysfs // sysfs registered msgratelimitintervalms // Other...
SUSE CVE-2024-38473
Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sent to backend services, potentially bypassing authentication via crafted requests. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
SUSE CVE-2024-36479
In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's refcoun...
SUSE CVE-2024-38618
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a situation may lead to ...
SUSE CVE-2024-26920
In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix registersnapshottrigger to return error code if it failed to allocate a snapshot instead of 0 success. Unless that, it will register snapshot trigger without an...
SUSE CVE-2020-10773
A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmmtimeout file. This flaw allows a local user to see the kernel data...
SUSE CVE-2021-31805
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
SUSE CVE-2022-4744
A double-free flaw was found in the Linux kernel's TUN/TAP device driver functionality in how a user registers the device when the registernetdevice function fails NETDEVREGISTER notifier. This flaw allows a local user to crash or potentially escalate their privileges on the system...
SUSE CVE-2022-31159
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...
SUSE CVE-2024-36949
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: sync all devices to wait all processes being evicted If there are more than one device doing reset in parallel, the first device will call kfdsuspendallprocesses to evict all processes on all devices, this call takes...
SUSE CVE-2024-36952
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after NPIV deletion where the fabric switch still believes the NPIV is logged into the fabric. This occurs when a vport is unregistered...