
58338 matches found

SUSE CVE
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23094

In the Linux kernel, the following vulnerability has been resolved: uacce: fix isolate sysfs check condition uacce supports the device isolation feature. If the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions, uacce will create sysfs files now. Users...

CVSS 5.5 • AI score 5.2 • EPSS 0.00022
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•4 views

SUSE CVE-2026-23095

In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. 0 The repro generated a GUE packet with its inner protocol 0. gueudprecv returns -guehdr-protoctype for "resubmit" in ipprotocoldeliverrcu, but thi...

CVSS 5.5 • AI score 5.2 • EPSS 0.00047
Exploits 0 • References 20
•added 2026/02/05 12:24 a.m.•5 views

SUSE CVE-2026-23096

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_device_a...

CVSS 5.5 • AI score 5.2 • EPSS 0.00023
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23097

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock analyzed by Lance Yang: 1 Task 5749: Holds foliolock, then tries to acquire immaprwsemread lock. 2 Task 5754: Holds immaprwsemwrite lock, then tri...

CVSS 5.5 • AI score 5.2 • EPSS 0.00023
Exploits 0 • References 10
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23098

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame In nr_route_frame, old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb again, causing a...

CVSS 8.8 • AI score 5.2 • EPSS 0.0002
Exploits 0 • References 3
•added 2026/02/05 12:24 a.m.•4 views

SUSE CVE-2026-23099

In the Linux kernel, the following vulnerability has been resolved: bonding: limit BONDMODE8023AD to Ethernet devices BONDMODE8023AD makes sense for ARPHRDETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in hwaddrcreate net/core/devaddrlists.c:63 inline BUG: KASAN: global-out-of-boun...

CVSS 5.5 • AI score 5.2 • EPSS 0.00022
Exploits 0 • References 20
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23100

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlbpmdshared Patch series "mm/hugetlb: fixes for PMD table sharing incl. using mmugather", v3. One functional fix, one performance regression fix, and two related comment fixes. I cleaned up my prototype I...

CVSS 5.5 • AI score 5.2 • EPSS 0.00033
Exploits 0 • References 7
•added 2026/02/05 12:24 a.m.•2 views

SUSE CVE-2026-23101

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to ledslist when it is fully ready Before this change the LED was added to ledslist before ledinitcore gets called adding it the list before ledclassdev.setbrightnesswork gets initialized. This leave...

CVSS 5.5 • AI score 5.2 • EPSS 0.00023
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•5 views

SUSE CVE-2026-23102

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds...

CVSS 5.5 • AI score 5.5 • EPSS 0.00023
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•4 views

SUSE CVE-2026-23103

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrslock be per port Make the addrslock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6. ...

CVSS 5.5 • AI score 5.3 • EPSS 0.00018
Exploits 0 • References 23
•added 2026/02/05 12:24 a.m.•5 views

SUSE CVE-2026-23104

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. icehwmoninit was added to iceinitfeature and icehwmonexit was added to...

CVSS 5.1 • AI score 5.2 • EPSS 0.00028
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•2 views

SUSE CVE-2026-23105

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on qfq...

CVSS 4.7 • AI score 5.3 • EPSS 0.00023
Exploits 0 • References 20
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23106

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When doajdtimex was introduced to handle adjtimex for any timekeeper, this reference to tkcore was not updated. When called on an auxiliary timekeeper, the...

CVSS 5.5 • AI score 5.2 • EPSS 0.00025
Exploits 0 • References 3
•added 2026/02/05 12:24 a.m.•2 views

SUSE CVE-2026-23107

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's svestate before setting TIFSME. Consequently, restoring a ZA context can place a task into an...

CVSS 5.5 • AI score 5.4 • EPSS 0.00023
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•2 views

SUSE CVE-2026-23108

In the Linux kernel, the following vulnerability has been resolved: can: usb8dev: usb8devreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a "can: gsusb: gsusbreceivebulkcallback: fix URB memory leak". In usb8devopen - usb8devstart, the URBs for USB-in transfer...

CVSS 4.4 • AI score 5.2 • EPSS 0.00023
Exploits 0 • References 19
•added 2026/02/05 12:24 a.m.•3 views

SUSE CVE-2026-23109

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip ASNODATAINTEGRITY mappings in waitsbinodes Above the while loop in waitsbinodes, we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fuse,...

CVSS 5.5 • AI score 5.3 • EPSS 0.00025
Exploits 0 • References 3
•added 2026/02/05 12:24 a.m.•4 views

SUSE CVE-2026-23110

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes o...

CVSS 4.7 • AI score 5.3 • EPSS 0.00018
Exploits 0 • References 19
•added 2026/02/04 12:41 a.m.•4 views

SUSE CVE-2025-24293

Active Storage allowed transformation methods potentially unsafe. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods that allow for the circumvention of the safe defaults which enables...

CVSS 9.2 • AI score 5.9 • EPSS 0.00178
Exploits 0 • References 3
•added 2026/02/04 12:30 a.m.•1 views

SUSE CVE-2025-62879

A vulnerability has been identified within the Rancher Backup Operator, resulting in the leakage of S3 tokens (both accessKey and secretKey) into the rancher-backup-operator pod's logs...

CVSS 6.8 • AI score 5.7 • EPSS 0.00015
Exploits 0 • References 4
•added 2026/02/04 12:30 a.m.•4 views

SUSE CVE-2025-65834

Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to allocate excessive memory during image...

CVSS 9.8 • AI score 5.7 • EPSS 0.00039
Exploits 0 • References 2
•added 2026/02/04 12:26 a.m.•4 views

SUSE CVE-2025-70559

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malicious pickle file in a location accessible to the applicati...

CVSS 6.5 • AI score 7.9 • EPSS 0.00114
Exploits 0 • References 3
•added 2026/02/04 12:25 a.m.•1 views

SUSE CVE-2026-1764

unknown...

CVSS 5.6 • AI score 5.2
Exploits 1 • References 4
•added 2026/02/04 12:25 a.m.•3 views

SUSE CVE-2026-1765

unknown...

CVSS 5.6 • AI score 5.2
Exploits 0 • References 4
•added 2026/02/04 12:25 a.m.•3 views

SUSE CVE-2026-1766

unknown...

CVSS 5.6 • AI score 5.2
Exploits 0 • References 4
•added 2026/02/04 12:25 a.m.•3 views

SUSE CVE-2026-1767

unknown...

CVSS 5.6 • AI score 5.2
Exploits 0 • References 4
•added 2026/02/04 12:25 a.m.•2 views

SUSE CVE-2026-22780

Rizin is a UNIX-like reverse engineering framework and command-line toolset. Prior to 0.8.2, a heap overflow can be exploited when a malicious mach0 file, having bogus entries for the dyld chained segments, is parsed by rizin. This vulnerability is fixed in 0.8.2...

CVSS 4.4 • AI score 5.5 • EPSS 0.00007
Exploits 0 • References 3
•added 2026/02/03 12:25 a.m.•2 views

SUSE CVE-2025-69662

SQL injection vulnerability in geopandas before v.1.1.2 allows an attacker to obtain sensitive information via the to_postgis function being used to write GeoDataFrames to a PostgreSQL database...

CVSS 8.6 • AI score 5.7 • EPSS 0.00015
Exploits 1 • References 3
•added 2026/02/03 12:24 a.m.•2 views

SUSE CVE-2026-0797

GIMP ICO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page o...

CVSS 7.8 • AI score 7.6 • EPSS 0.00043
Exploits 0 • References 6
•added 2026/02/03 12:24 a.m.•4 views

SUSE CVE-2026-1703

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations...

CVSS 3.1 • AI score 5.4 • EPSS 0.0003
Exploits 1 • References 6
•added 2026/02/03 12:24 a.m.•2 views

SUSE CVE-2026-1757

A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to fr...

CVSS 3.3 • AI score 5.7 • EPSS 0.0001
Exploits 0 • References 12
•added 2026/02/03 12:24 a.m.•2 views

SUSE CVE-2026-1760

A flaw was found in SoupServer. This HTTP request smuggling vulnerability occurs because SoupServer improperly handles requests that combine Transfer-Encoding: chunked and Connection: keep-alive headers. A remote, unauthenticated client can exploit this by sending specially crafted requests,...

CVSS 8.6 • AI score 5.4 • EPSS 0.00019
Exploits 0 • References 13
•added 2026/02/03 12:24 a.m.•4 views

SUSE CVE-2026-1761

A flaw was found in libsoup. This stack-based buffer overflow vulnerability occurs during the parsing of multipart HTTP responses due to an incorrect length calculation. A remote attacker can exploit this by sending a specially crafted multipart HTTP response, which can lead to memory corruption...

CVSS 8.1 • AI score 6.7 • EPSS 0.01262
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2025-71180

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQFNOTHREAD flag An IRQ handler can either be IRQFNOTHREAD or acquire spinlockt, as CONFIGPROVERAWLOCKNESTING warns: ============================= BUG: Invalid wait context 6.18.0-rc1+git... 1...

CVSS 5.5 • AI score 5.8 • EPSS 0.00023
Exploits 0 • References 3
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2025-71181

In the Linux kernel, the following vulnerability has been resolved: rustbinder: remove spinlock in rustshrinkfreepage When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 "mm/listlru: split the lock to per-cgroup scope" into account, and apparently I did not end up...

CVSS 5.5 • AI score 5.7 • EPSS 0.00019
Exploits 0 • References 3
•added 2026/02/01 12:24 a.m.•2 views

SUSE CVE-2025-71182

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if device is no longer registered syzbot is still reporting unregisternetdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b5891b8 "can: j1939: add missing...

CVSS 5.3 • AI score 5.8 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•3 views

SUSE CVE-2025-71183

In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging either with the rename exchange operation or regular renames in multiple non-atomic steps two inodes and at least one of them is a directory,...

CVSS 5.5 • AI score 5.8 • EPSS 0.00012
Exploits 0 • References 17
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2025-71184

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfsevictinode the root might be NULL, as...

CVSS 5.5 • AI score 5.8 • EPSS 0.00022
Exploits 0 • References 20
•added 2026/02/01 12:24 a.m.•3 views

SUSE CVE-2025-71185

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation...

CVSS 5.5 • AI score 5.7 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•3 views

SUSE CVE-2025-71186

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent i...

CVSS 5.5 • AI score 5.7 • EPSS 0.00009
Exploits 0 • References 7
•added 2026/02/01 12:24 a.m.•6 views

SUSE CVE-2025-71187

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures e.g. probe deferral...

CVSS 5.5 • AI score 5.7 • EPSS 0.0001
Exploits 0 • References 3
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2025-71188

In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent...

CVSS 5.5 • AI score 5.7 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2025-71189

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures...

CVSS 3.3 • AI score 5.8 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•3 views

SUSE CVE-2025-71190

In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind...

CVSS 3.3 • AI score 5.7 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•1 views

SUSE CVE-2025-71191

In the Linux kernel, the following vulnerability has been resolved: dmaengine: athdmac: fix device leak on ofdmaxlate Make sure to drop the reference taken when looking up the DMA platform device during ofdmaxlate when releasing channel resources. Note that commit 3832b78b3ec2 "dmaengine: athdmac...

CVSS 3.3 • AI score 5.7 • EPSS 0.00009
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2026-23015

In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: fix reference leak in gpiompsseprobe error paths The reference obtained by calling usbgetdev is not released in the gpiompsseprobe error paths. Fix that by using device managed helper functions. Also remove the...

CVSS 5.5 • AI score 5.7 • EPSS 0.00025
Exploits 0 • References 3
•added 2026/02/01 12:24 a.m.•6 views

SUSE CVE-2026-23016

In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nfconntrackcleanupnetlist to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this...

CVSS 5.5 • AI score 5.8 • EPSS 0.00025
Exploits 0 • References 3
•added 2026/02/01 12:24 a.m.•3 views

SUSE CVE-2026-23017

In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the inittask on load If the inittask fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will result in a crash as...

CVSS 5.5 • AI score 5.7 • EPSS 0.00025
Exploits 0 • References 19
•added 2026/02/01 12:24 a.m.•4 views

SUSE CVE-2026-23018

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfsreadlockedinode In btrfsreadlockedinode we are calling btrfsinitfileextenttree while holding a path with a read locked leaf from a subvolume tree, and...

CVSS 4.7 • AI score 5.8 • EPSS 0.00025
Exploits 0 • References 7
•added 2026/02/01 12:23 a.m.•3 views

SUSE CVE-2026-23019

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix NULL dereference on devlink_alloc failure devlink_alloc may return NULL on allocation failure, but prestera_devlink_alloc unconditionally calls devlink_priv on the returned pointer. This leads to a NULL...

CVSS 5.5 • AI score 5.7 • EPSS 0.00023
Exploits 0 • References 3
•added 2026/02/01 12:23 a.m.•3 views

SUSE CVE-2026-23020

In the Linux kernel, the following vulnerability has been resolved: net: 3com: 3c59x: fix possible null dereference in vortexprobe1 pdev can be null and freering: can be called in 1297 with a null pdev...

CVSS 5.5 • AI score 5.7 • EPSS 0.00023
Exploits 0 • References 3
Total number of security vulnerabilities: 58338