59854 matches found
SUSE CVE-2026-43267
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential zero beacon interval in beacon tracking During fuzz testing, it was discovered that bssconf-beaconint might be zero, which could result in a division by zero error in subsequent calculations. Set a...
SUSE CVE-2026-44597
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011...
SUSE CVE-2025-71288
In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure e.g. probe deferral and on driver unbind...
SUSE CVE-2026-32934
CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-QUIC DoQ server can be driven into unbounded goroutine and memory growth by a remote client that opens many QUIC streams and sends only 1 byte per stream. When the worker pool is full, CoreDNS still spawns a...
SUSE CVE-2026-43008
In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devmregmapinitmmio devmregmapinitmmio returns an ERRPTR on failure, not NULL. The original code checked for NULL which would never trigger on error, potentially leading to an invalid point...
SUSE CVE-2026-43079
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Skip discovery table for offline dies This warning can be triggered if NUMA is disabled and the system boots with fewer CPUs than the number of CPUs in die 0. WARNING: CPU: 9 PID: 7257 at uncore.c:1157...
SUSE CVE-2026-43084
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlinkqueue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnlrecvverdict+0x11ac/0x15e0 nfnetlinkqueue...
SUSE CVE-2026-43091
In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrmpolicyfini frees the policybydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their...
SUSE CVE-2026-43097
In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double idafree in hvpciprobe error path If hvpciprobe fails after storing the domain number in hbus-bridge-domainnr, there is a call to free this domainnr via pcibusreleaseemuldomainnr, however, during cleanup, the...
SUSE CVE-2026-43104
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix a memory leak in hang state error path When vc4savehangstate encounters an early return condition, it returns without freeing the previously allocated kernelstate, leaking memory. Add the missing kfree calls by...
SUSE CVE-2026-43134
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix missing key size check for L2CAPLECONNREQ This adds a check for encryption key size upon receiving L2CAPLECONNREQ which is required by L2CAP/LE/CFC/BV-15-C which expects L2CAPCRLEBADKEYSIZE...
SUSE CVE-2026-43136
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidppgetreportlength Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This can be...
SUSE CVE-2026-43146
In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move listaddtail to after dmaallocattrs succeeds when creating internal buffers. Previously, the buffer was enqueued in buffers-list before the DMA allocation. If t...
SUSE CVE-2026-43151
In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stopstreaming when the instance was in IRISINSTERROR, as it caused multiple...
SUSE CVE-2026-43155
In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and ...
SUSE CVE-2026-43156
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: enable basic endpoint checking pegasusprobe fills URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbrcvbulkpipedev, 1 for RX data - usbsndbulkpipedev, 2 for TX data -...
SUSE CVE-2026-43162
In the Linux kernel, the following vulnerability has been resolved: media: tegra-video: Fix memory leak in tegrachanneltryformat The state object allocated by v4l2subdevstatealloc must be freed with v4l2subdevstatefree when it is no longer needed. In tegrachanneltryformat, two error paths return...
SUSE CVE-2026-43177
In the Linux kernel, the following vulnerability has been resolved: media: ipu6: Fix RPM reference leak in probe error paths Several error paths in ipu6pciprobe were jumping directly to outipu6busdeldevices without releasing the runtime PM reference. Add pmruntimeputsync before cleaning up other...
SUSE CVE-2026-43178
In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...
SUSE CVE-2026-43203
In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in tasklets during device removal When the PCA-200E or SBA-200E adapter is being detached, the fore200e is deallocated. However, the txtasklet or rxtasklet may still be running or pending, leadin...
SUSE CVE-2026-43224
In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix sgtable leak on mapping failures In an unlikely case when iopopulateareadma fails, which could only happen on a PAGEPOOL32BITARCHWITH64BITDMA machine, iozcrxmaparea will have an initialised and not freed table. ...
SUSE CVE-2026-43248
In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...
SUSE CVE-2026-43266
In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the sectionlength is too small, but it doesn't detect if it is too big. Currently, if the firmware receives an ARM process...
SUSE CVE-2026-43269
In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomicdestroystate callback After several commits, the slab memory increases. Some drmcrtccommit objects are not freed. The atomicdestroystate callback only put the framebuffer. Use the...
SUSE CVE-2026-43270
In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtkmdpremove In mtkmdpprobe, vpugetplatdevice increases the reference count of the returned platform device. Add platformdeviceput to prevent reference leak...
SUSE CVE-2026-43283
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ecbhf: Fix dmafreecoherent dma handle dmafreecoherent in error path takes priv-rxbuf.alloclen as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv-rxbuf.allocphys...
SUSE CVE-2026-44331
In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltabfetchclientscb in contrib/modwrap2sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted domain name that is accessed in a reverse DNS lookup. When "UseReverseDNS on" is enabled, the...
SUSE CVE-2012-0418
Unspecified vulnerability in the client in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted file...
SUSE CVE-2026-31729
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: validate connector number in ucsinotifycommon The connector number extracted from CCI via UCSICCICONNECTOR is a 7-bit field 0-127 that is used to index into the connector array in ucsiconnectorchange. However, t...
SUSE CVE-2026-31746
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: Fix memory leak with CCA cards used as accelerator Tests showed that there is a memory leak if CCA cards are used as accelerator for clear key RSA requests ME and CRT. With the last rework for the memory allocation t...
SUSE CVE-2026-31750
In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak 1, because commit 4e1da516debb "comedi: Add reference counting for Comedi command handling" did not consider the exceptional exit case in...
SUSE CVE-2026-31764
In the Linux kernel, the following vulnerability has been resolved: iio: imu: stlsm6dsx: Set buffer sampling frequency for accelerometer only The stlsm6dsxhwfifoodrstore function, which is called when userspace writes the buffer sampling frequency sysfs attribute, calls stlsm6dsxcheckodr, which...
SUSE CVE-2026-33813
Parsing a WEBP image with an invalid, large size panics on 32-bit platforms...
SUSE CVE-2026-42151
Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the clientsecret field in the Azure AD remote write OAuth configuration storage/remote/azuread was typed as string instead of Secret. Prometheus redacts fields of type Secret when serving...
SUSE CVE-2026-42224
ipl/web is a set of common web components for php projects. Prior to versions 0.13.1 and 0.10.3, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the context of Icinga Web. The victim needs to visit a specifically prepared website and may ha...
SUSE CVE-2026-43030
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe for pointers to packet In case rold-reg-range == BEYONDPKTEND && rcur-reg-range == N regsafe may return true which may lead to current state with valid packet range not being explored. Fix the bug...
SUSE CVE-2026-43034
In the Linux kernel, the following vulnerability has been resolved: bnxten: set backing store type from query type bnxthwrmfuncbackingstoreqcapsv2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctxarr and...
SUSE CVE-2026-43036
In the Linux kernel, the following vulnerability has been resolved: net: use skbheaderpointer for TCPv4 GSO fragoff check Syzbot reported a KMSAN uninit-value warning in gsofeaturescheck called from netifskbfeatures 1. gsofeaturescheck reads iph-fragoff to decide whether to clear mangleidfeatures...
SUSE CVE-2026-43040
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ndisc: fix ndiscrauseropt to initialize nduseroptpadX fields to zero to prevent an info-leak When processing Router Advertisements with user options the kernel builds an RTMNEWNDUSEROPT netlink message. The nduseroptms...
SUSE CVE-2026-43057
In the Linux kernel, the following vulnerability has been resolved: net: correctly handle tunneled traffic on IPV6CSUM GSO fallback NETIFFIPV6CSUM only advertises support for checksum offload of packets without IPv6 extension headers. Packets with extension headers must fall back onto software...
SUSE CVE-2026-43059
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 "Bluetooth: MGMT: Fix possible UAFs" introduced mgmtpendingvalid, which not only validates the pending command but also unlinks it from...
SUSE CVE-2026-43061
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA dmaengineterminateasync does not guarantee that the dmatxcomplete callback will run. The callback is currently the only place where dma-txrunning gets cleared. If the transaction is...
SUSE CVE-2026-43062
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2capecredreconfrsp l2capecredreconfrsp casts the incoming data to struct l2capecredconnrsp the ECRED connection response, 8 bytes with result at offset 6 instead of struct...
SUSE CVE-2026-43067
In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 "ext4: always allocate blocks only from groups inode can use" restricts what blocks will be allocated for indirect block based files...
SUSE CVE-2025-70070
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry...
SUSE CVE-2026-41263
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
SUSE CVE-2026-42483
A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects modulehashdecode in multiple Kerberos-related modules because accountinfolen is...
SUSE CVE-2026-43864
mutt before 2.3.2 has a showsigsummary NULL pointer dereference...
SUSE CVE-2026-31703
In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inodeswitchwbsworkfn inodeswitchwbsworkfn has a loop like: wbgetnewwb; while 1 list = llistdelall&newwb-switchwbsctxs; / Nothing to do? / if !list break; ... process the items ... Now adding of...
SUSE CVE-2026-3832
A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol OCSP response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabl...