59854 matches found
SUSE CVE-2026-23176
In the Linux kernel, the following vulnerability has been resolved: platform/x86: toshibahaps: Fix memory leaks in add/remove routines toshibahapsadd leaks the haps object allocated by it if it returns an error after allocating that object successfully. toshibahapsremove does not free the object...
SUSE CVE-2026-23177
In the Linux kernel, the following vulnerability has been resolved: mm, shmem: prevent infinite loop on truncate race When truncating a large swap entry, shmemfreeswap returns 0 when the entry's index doesn't match the given index due to lookup alignment. The failure fallback path checks if the...
SUSE CVE-2026-23178
In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fix potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can come from the userspace in the hidraw driver and is only bounded by...
SUSE CVE-2026-23179
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmettcplistendataready When the socket is closed while in TCPLISTEN a callback is run to flush all outstanding packets, which in turns calls nvmettcplistendataready with the skcallbacklock held. So we ne...
SUSE CVE-2026-23180
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: add bounds check for ifid in IRQ handler The IRQ handler extracts ifid from the upper 16 bits of the hardware status register and uses it to index into ethsw-ports without validation. Since ifid can be any 16-bit...
SUSE CVE-2026-23181
In the Linux kernel, the following vulnerability has been resolved: btrfs: sync read disk super and set block size When the user performs a btrfs mount, the block device is not set correctly. The user sets the block size of the block device to 0x4000 by executing the BLKBSZSET command. Since the...
SUSE CVE-2026-23182
In the Linux kernel, the following vulnerability has been resolved: spi: tegra: Fix a memory leak in tegraslinkprobe In tegraslinkprobe, when platformgetirq fails, it directly returns from the function with an error code, which causes a memory leak. Replace it with a goto label to ensure proper...
SUSE CVE-2026-23183
In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: fix NULL pointer dereference when setting max An issue was triggered: BUG: kernel NULL pointer dereference, address: 0000000000000000 PF: supervisor read access in kernel mode PF: errorcode0x0000 - not-present page P...
SUSE CVE-2026-23184
In the Linux kernel, the following vulnerability has been resolved: binder: fix UAF in bindernetlinkreport Oneway transactions sent to frozen targets via binderproctransaction return a BRTRANSACTIONPENDINGFROZEN error but they are still treated as successful since the target is expected to thaw a...
SUSE CVE-2026-23185
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mloscanstartwk mloscanstartwk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issu...
SUSE CVE-2026-23186
In the Linux kernel, the following vulnerability has been resolved: hwmon: acpipowermeter Fix deadlocks related to acpipowermeternotify The acpipowermeter driver's .notify callback function, acpipowermeternotify, calls hwmondeviceunregister under a lock that is also acquired by callbacks in sysfs...
SUSE CVE-2026-23187
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...
SUSE CVE-2026-23188
In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlock: DPM device timeout after 10 seconds; 15 seconds until panic Call Trace: schedule+0x483/0x1370...
SUSE CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
SUSE CVE-2026-23190
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: fix memory leak in acp3x pdm dma ops...
SUSE CVE-2026-23191
In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop operations are...
SUSE CVE-2026-23192
In the Linux kernel, the following vulnerability has been resolved: linkwatch: use devput in callers to prevent UAF After linkwatchdodev calls devput to release the linkwatch reference, the device refcount may drop to 1. At this point, netdevruntodo can proceed since linkwatchsyncdev sees an empt...
SUSE CVE-2026-23193
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsitdecsessionusagecount In iscsitdecsessionusagecount, the function calls complete while holding the sess-sessionusagelock. Similar to the connection usage count logic, the waiter...
SUSE CVE-2026-23194
In the Linux kernel, the following vulnerability has been resolved: rustbinder: correctly handle FDA objects of length zero Fix a bug where an empty FDA fd array object with 0 fds would cause an out-of-bounds error. The previous implementation used skip == 0 to mean "this is a pointer fixup", but...
SUSE CVE-2026-23195
In the Linux kernel, the following vulnerability has been resolved: cgroup/dmem: avoid pool UAF An UAF issue was observed: BUG: KASAN: slab-use-after-free in pagecounteruncharge+0x65/0x150 Write of size 8 at addr ffff888106715440 by task insmod/527 CPU: 4 UID: 0 PID: 527 Comm: insmod...
SUSE CVE-2026-23196
In the Linux kernel, the following vulnerability has been resolved: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer Add DMA buffer readiness check before reading DMA buffer to avoid unexpected NULL pointer accessing...
SUSE CVE-2026-23197
In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or I2CSMBUSBLOCKMAX, the length handler sets the state to IMXI2CSTATEFAILED. However, i2cimxmasterisr unconditionally...
SUSE CVE-2026-23198
In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVMIRQFD, don't clobber the irqfd's copy of the IRQ's routing entry as doing so breaks kvmarchirqbypassdelproducer on x86 and arm64, which explicitly...
SUSE CVE-2026-23199
In the Linux kernel, the following vulnerability has been resolved: procfs: avoid fetching build ID while holding VMA lock Fix PROCMAPQUERY to fetch optional build ID only after dropping mmaplock or per-VMA lock, whichever was used to lock VMA under question, to avoid deadlock reported by syzbot:...
SUSE CVE-2026-23200
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTFADDRCONF syzbot reported a kernel BUG in fib6addrt2node when adding an IPv6 route. 0 Commit f72514b3c569 "ipv6: clear RA flags when adding a static route" introduced logic to...
SUSE CVE-2026-23201
In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree in parselongname This fixes a kernel oops when reading ceph snapshot directories .snap, for example by simply running ls /mnt/myceph/.snap. The variable str is guarded by freekfree,...
SUSE CVE-2026-23202
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer in tegraqspicombinedseqxfer The currxfer field is read by the IRQ handler without holding the lock to check if a transfer is in progress. When clearing currxfer in the combined sequence transf...
SUSE CVE-2026-23203
In the Linux kernel, the following vulnerability has been resolved: net: cpswnew: Execute ndosetrxmode callback in a work queue Commit 1767bb2d47b7 "ipv6: mcast: Don't hold RTNL for IPV6ADDMEMBERSHIP and MCASTJOINGROUP." removed the RTNL lock for IPV6ADDMEMBERSHIP and MCASTJOINGROUP operations...
SUSE CVE-2026-23204
In the Linux kernel, the following vulnerability has been resolved: net/sched: clsu32: use skbheaderpointercareful skbheaderpointer does not fully validate negative @offset values. Use skbheaderpointercareful instead. GangMin Kim provided a report and a repro fooling u32classify: BUG: KASAN:...
SUSE CVE-2026-23205
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2openfile Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //$serverip/export /mnt 3. client: dd if=/dev/zero of=/mnt/file bs=512 count=1000 oflag=direct 4...
SUSE CVE-2026-23206
In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZEROSIZEPTR dereference when numifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc with ethsw-swattr.numifs as the element count. When the device reports zero interfaces...
SUSE CVE-2026-23207
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect currxfer check in IRQ handler Now that all other accesses to currxfer are done under the lock, protect the currxfer NULL check in tegraqspiisrthread with the spinlock. Without this protection, the...
SUSE CVE-2026-23208
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize0 22 packsize1 23. The buffer size for each data URB is maxpacksize...
SUSE CVE-2026-23209
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlancommonnewlink valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip lin...
SUSE CVE-2026-23210
In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi-rxrings. The sequence was: 1. iceptpprepareforreset cancels PTP work 2...
SUSE CVE-2026-2441
Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-24044
Element Server Suite Community Edition ESS Community deploys a Matrix stack using the provided Helm charts and Kubernetes distribution. The ESS Community Helm Chart secrets initialization hook using matrix-tools container before 0.5.7 is using an insecure Matrix server key generation method,...
SUSE CVE-2020-37167
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious...
SUSE CVE-2026-2443
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server...
SUSE CVE-2026-23111
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix inverted genmask check in nftmapcatchallactivate nftmapcatchallactivate has an inverted element activity check compared to its non-catchall counterpart nftmapelemactivate and compared to what is logically...
SUSE CVE-2026-23112
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmettcpbuildpduiovec nvmettcpbuildpduiovec could walk past cmd-req.sg when a PDU length or offset exceeds sgcnt and then use bogus sg-length/offset values, leading to copytoiter GPF/KASAN. Guard...
SUSE CVE-2026-25949
Traefik is an HTTP reverse proxy and load balancer. Prior to 3.6.8, there is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then...
SUSE CVE-2026-25996
Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences...
SUSE CVE-2026-26076
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above normal in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more...
SUSE CVE-2026-26157
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
SUSE CVE-2026-26158
A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...
SUSE CVE-2025-41117
Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...
SUSE CVE-2025-69872
DiskCache python-diskcache through 5.6.3 uses Python pickle for serialization by default. An attacker with write access to the cache directory can achieve arbitrary code execution when a victim application reads from the cache...
SUSE CVE-2026-2003
Improper validation of type "oidvector" in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Versions before PostgreSQL 18.2, 17.8...
SUSE CVE-2026-2004
Missing validation of type of input in PostgreSQL intarray extension selectivity estimator function allows an object creator to execute arbitrary code as the operating system user running the database. Versions before PostgreSQL 18.2, 17.8, 16.12, 15.16, and 14.21 are affected...