59854 matches found
SUSE CVE-2023-53068
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb-len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak kernel memory content...
SUSE CVE-2023-53097
In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
SUSE CVE-2025-23155
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Fix accessing freed irq affinityhint In stmmacrequestirqmultimsi, a pointer to the stack variable cpumask is passed to irqsetaffinityhint. This value is stored in irqdesc-affinityhint, but once stmmacrequestirqmultim...
SUSE CVE-2025-37787
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered Russell King reports that a system with mv88e6xxx dereferences a NULL pointer when unbinding this driver:...
SUSE CVE-2025-37793
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avscomponentprobe devmkasprintf returns NULL when memory allocation fails. Currently, avscomponentprobe does not check for this case, which results in a NULL pointer dereference...
SUSE CVE-2025-31650
Improper Input Validation vulnerability in Apache Tomcat. Incorrect error handling for some invalid HTTP priority headers resulted in incomplete clean-up of the failed request which created a memory leak. A large number of such requests could trigger an OutOfMemoryException resulting in a denial ...
SUSE CVE-2025-22095
In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulatorbulkget If the regulatorbulkget returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to...
SUSE CVE-2025-22036
In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after getblock When getblock is called with a bufferhead allocated on the stack, such as dompagereadpage, stack corruption due to bufferhead UAF may occur in the following race condition...
SUSE CVE-2025-22039
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix overflow in dacloffset bounds check The dacloffset field was originally typed as int and used in an unchecked addition, which could overflow and bypass the existing bounds check in both smbcheckpermdacl and...
SUSE CVE-2025-40325
In the Linux kernel, the following vulnerability has been resolved: md/raid10: wait barrier before returning discard request with REQNOWAIT raid10handlediscard should wait barrier before returning a discard bio which has REQNOWAIT. And there is no need to print warning calltrace if a discard bio...
SUSE CVE-2025-22030
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix cryptofreeacomp deadlock in zswapcpucompdead Currently, zswapcpucompdead calls cryptofreeacomp while holding the per-CPU acompctx mutex. cryptofreeacomp then holds scomplock through cryptoexitscompopsasync. On the...
SUSE CVE-2025-21991
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, loadmicrocodeamd iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each mask...
SUSE CVE-2025-21923
In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam: Fix use-after-free when detaching device When a hid-steam device is removed it must clean up the clienthdev used for intercepting hidraw access. This can lead to scheduling deferred work to reattach the input...
SUSE CVE-2025-21963
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...
SUSE CVE-2025-21995
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix fence reference count leak The lastscheduled fence leaks when an entity is being killed and adding the cleanup callback fails. Decrement the reference count of prev when dmafenceaddcallback fails, ensuring proper...
SUSE CVE-2025-1097
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of...
SUSE CVE-2025-24514
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the auth-url Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets...
SUSE CVE-2025-21883
In the Linux kernel, the following vulnerability has been resolved: ice: Fix deinitializing VF in error path If iceenavfs fails after calling icecreatevfentries, it frees all VFs without removing them from snapshot PF-VF mailbox list, leading to list corruption. Reproducer: devlink dev eswitch se...
SUSE CVE-2024-58051
In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: Add check devmkasprintf returned value devmkasprintf can return a NULL pointer on failure but this returned value is not checked...
SUSE CVE-2024-58052
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL pointer dereference in atomctrlgetsmcsclkrangetable The function atomctrlgetsmcsclkrangetable does not check the return value of smuatomgetdatatable. If smuatomgetdatatable fails to retrieve SMUInfo...
SUSE CVE-2024-58061
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARNON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...
SUSE CVE-2025-21802
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix oops when unload drivers paralleling When unload hclge driver, it tries to disable sriov first for each aedev node from hnae3aedevlist. If user unloads hns3 driver at the time, because it removes all the aedev node...
SUSE CVE-2025-21714
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using xacmpxchg to make sure this is the only time we are destroying this specific mr. Without this change, we could try to...
SUSE CVE-2025-21719
In the Linux kernel, the following vulnerability has been resolved: ipmr: do not call mrmfcusesdev for unres entries syzbot found that calling mrmfcusesdev for unres entries would crash 1, because c-mfcun.res.minvif / c-mfcun.res.maxvif alias to "struct skbuffhead unresolved", which contain two...
SUSE CVE-2025-21743
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength U16MAX. This could lead to an OoB read. Move the wDatagramIndex term t...
SUSE CVE-2025-21744
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmftxfinalize On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the interface: brcmfdetach...
SUSE CVE-2025-21776
In the Linux kernel, the following vulnerability has been resolved: USB: hub: Ignore non-compliant devices with too many configs or interfaces Robert Morris created a test program which can cause usbhubtostructhub to dereference a NULL or inappropriate pointer: Oops: general protection fault,...
SUSE CVE-2022-49215
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix race at socket teardown Fix a race in the xsk socket teardown code that can lead to a NULL pointer dereference splat. The current xsk unbind code in xskunbinddev starts by setting xs-state to XSKUNBOUND, sets xs-dev to...
SUSE CVE-2022-49264
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting1 Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve2 be the name of a program, thus prohibiting a scenario...
SUSE CVE-2022-49372
In the Linux kernel, the following vulnerability has been resolved: tcp: tcprtxsynack can be called from process context Laurent reported the enclosed report 1 This bug triggers with following coditions: 0 Kernel built with CONFIGDEBUGPREEMPT=y 1 A new passive FastOpen TCP socket is created. This...
SUSE CVE-2025-21703
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch-q.qlen before qdisctreereducebacklog qdisctreereducebacklog notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it wou...
SUSE CVE-2023-0459
Copyfromuser on 64-bit versions of the Linux kernel does not implement the uaccessbeginnospec allowing a user to bypass the "accessok" check and pass a kernel pointer to copyfromuser. This would allow an attacker to leak information. We recommend upgrading beyond commit...
SUSE CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomca...
SUSE CVE-2024-4577
In PHP versions 8.1. before 8.1.29, 8.2. before 8.2.20, 8.3. before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. PHP CGI module may...
SUSE CVE-2024-53677
File upload logic in Apache Struts is flawed. An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. This issue affects Apache Struts: from 2.0.0 before...
SUSE CVE-2025-21693
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswapcompress and zswapdecompress, the per-CPU acompctx of the current CPU at the beginning of the operation is retrieved and used throughout. However, sin...
SUSE CVE-2024-10846
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included...
SUSE CVE-2024-57932
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if either of these...
SUSE CVE-2025-21656
In the Linux kernel, the following vulnerability has been resolved: hwmon: drivetemp Fix driver producing garbage data when SCSI errors occur scsiexecutecmd function can return both negative linux codes and positive scsicmnd result field error codes. Currently the driver just passes error codes o...
SUSE CVE-2024-57906
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses...
SUSE CVE-2024-57912
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp u32 pressure, u16...
SUSE CVE-2024-57899
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using oreachsetbitbit, &bits, sizeofchanged BITSPERBYTE, the...
SUSE CVE-2024-56638
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftinner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh and perform three...
SUSE CVE-2024-56602
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154create sockinitdata attaches the allocated sk object to the provided sock object. If ieee802154create fails later, the allocated sk object is freed, but the danglin...
SUSE CVE-2024-56593
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglistrw This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sdsgentryalign' value applies e.g. 512 and a lot of queued SKBs a...
SUSE CVE-2024-56778
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stihqvdpatomiccheck The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure...
SUSE CVE-2024-56688
In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRTSOCKUPDTIMEOUT when reset transport Since transport-sock has been set to NULL during reset transport, XPRTSOCKUPDTIMEOUT also needs to be cleared. Otherwise, the xstcpsetsockettimeouts may be triggered in...
SUSE CVE-2024-53175
In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msginitns failed in createipcns Percpu memory allocation may failed during createipcns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release...
SUSE CVE-2024-53179
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses-authkey.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifsmount dfsmountshare getsession...
SUSE CVE-2024-53180
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime-dmaarea properly. Add a proper NULL check before passing to virttopage for avoiding a panic...