SUSE CVE-2025-68737

In the Linux kernel, the following vulnerability has been resolved: arm64/pageattr: Propagate return value from changememorycommon The rodata=on security measure requires that any code path which does vmalloc - setmemoryro/setmemoryrox must protect the linear map alias too. Therefore, if such a...

SUSE CVE-2025-68738

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix null pointer deref in mt7996conftx If a link does not have an assigned channel yet, mt7996viflink returns NULL. We still need to store the updated queue settings in that case, and apply them later. Move th...

SUSE CVE-2025-68739

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fix potential UAF in OPP handling Ensure all required data is acquired before calling devpmoppputopp to maintain correct resource acquisition and release order...

SUSE CVE-2025-68740

In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by imafilterrulematch In imamatchrules, if imafilterrulematch returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if !rc' check and sets 'result = true'. The LSM rule is...

SUSE CVE-2025-68741

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxxprocesspurlsiocb, an item is allocated via qla27xxcopymultiplepkt, which internally calls qla24xxallocpurexitem. The qla24xxallocpurexitem function may return a...

SUSE CVE-2025-68742

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog-stats access when updateeffectiveprogs fails Syzkaller triggers an invalid memory access issue following fault injection in updateeffectiveprogs. The issue can be described as follows: cgroupbpfdetach...

SUSE CVE-2025-68743

In the Linux kernel, the following vulnerability has been resolved: mshv: Fix create memory region overlap check The current check is incorrect; it only checks if the beginning or end of a region is within an existing region. This doesn't account for userspace specifying a region that begins befo...

SUSE CVE-2025-68744

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

SUSE CVE-2025-68745

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Clear cmds after chip reset Commit aefed3e5548f "scsi: qla2xxx: target: Fix offline port handling and host reset handling" caused two problems: 1. Commands sent to FW, after chip reset got stuck and never freed as ...

SUSE CVE-2025-68746

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on typically CPU 0 is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached...

SUSE CVE-2025-68747

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF on kernel BO VA nodes If the MMU is down, panthorvmunmaprange might return an error. We expect the page table to be updated still, and if the MMU is blocked, the rest of the GPU should be blocked too, so no...

SUSE CVE-2025-68748

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

SUSE CVE-2025-68749

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpugembofree removes the BO from the BOs list before it gets unmapped. Then fileprivunbind triggers a...

SUSE CVE-2025-68750

In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbgmaketpg The variable tpgt in usbgmaketpg is defined as unsigned long and is assigned to tpgt-tporttpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than...

SUSE CVE-2025-10543

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...

SUSE CVE-2025-34457

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kissrecbyte located in src/kissframe.c. When processing crafted KISS frames that reach the maximum allowed frame length MAXKISSLEN, the function...

SUSE CVE-2025-34458

wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprsmice located in src/decodeaprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or...

SUSE CVE-2025-66400

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

SUSE CVE-2025-67499

The CNI portmap plugin allows containers to emulate opening a host port, forwarding that traffic to the container. Versions 1.6.0 through 1.8.0 inadvertently forward all traffic with the same destination port as the host port when the portmap plugin is configured with the nftables backend, thus...

SUSE CVE-2025-68338

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Don't free uninitialized kszirq If something goes wrong at setup, kszirqfree can be called on uninitialized kszirq for example when kszptpirqsetup fails. It leads to freeing uninitialized IRQ numbers and/or...

SUSE CVE-2025-68339

In the Linux kernel, the following vulnerability has been resolved: atm/fore200e: Fix possible data race in fore200eopen Protect access to fore200e-availablecellrate with ratemtx lock in the error handling path of fore200eopen to prevent a data race. The field fore200e-availablecellrate is a shar...

SUSE CVE-2025-68340

In the Linux kernel, the following vulnerability has been resolved: team: Move team device type change at the end of teamportadd Attempting to add a port device that is already up will expectedly fail, but not before modifying the team device headerops. In the case of the syzbot reproducer the gr...

SUSE CVE-2025-68341

In the Linux kernel, the following vulnerability has been resolved: veth: reduce XDP nodirect return section to fix race As explain in commit fa349e396e48 "veth: Fix race with AFXDP exposing old or uninitialized descriptors" for veth there is a chance after napicompletedone that another CPU can...

SUSE CVE-2025-68342

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing data The URB received in gsusbreceivebulkcallback contains a struct gshostframe. The length of the data after the header depends on the gshostframe hf::fla...

SUSE CVE-2025-68343

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: check actuallength before accessing header The driver expects to receive a struct gshostframe in gsusbreceivebulkcallback. Use structgroup to describe the header of the struct gshostframe and...

SUSE CVE-2025-68480

Marshmallow is a lightweight library for converting complex objects to and from simple Python datatypes. In versions from 3.0.0rc1 to before 3.26.2 and from 4.0.0 to before 4.1.2, Schema.loaddata, many=True is vulnerable to denial of service attacks. A moderately sized request can consume a...

SUSE CVE-2025-68615

net-snmp is a SNMP application library, tools and daemon. Prior to versions 5.9.5 and 5.10.pre2, a specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash. This issue has been patched in versions 5.9.5 and 5.10.pre2...

SUSE CVE-2025-14607

A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to...

SUSE CVE-2025-14956

A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

SUSE CVE-2025-14957

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...

SUSE CVE-2025-59529

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions up to and including 0.9-rc2, the simple protocol server ignores the documented client limit and accepts unlimited connections, allowing for easy local DoS. Although CLIENTSMAX ...

SUSE CVE-2025-68326

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

SUSE CVE-2025-68327

In the Linux kernel, the following vulnerability has been resolved: usb: renesasusbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usbfecm modprobe...

SUSE CVE-2025-68328

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platformsetdrvdata and devsetdrvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

SUSE CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose for split VMAs When a VMA is split e.g., by partial munmap or MAPFIXED, the kernel calls vmops-close on each portion. For trace buffer mappings, this results in ringbufferunmap being...

SUSE CVE-2025-68330

In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150accelsetinterrupt in the iiobuffersetupops, such as on the runtime PM resume path giving a kernel splat like this if th...

SUSE CVE-2025-68331

In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to ...

SUSE CVE-2025-68332

In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's Comedi "attach" handler c6xdigioattach to...

SUSE CVE-2025-68333

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn For PREEMPTRT=y kernels, the deferredirqworkfn is executed in the per-cpu irqwork/ task context and not disable-irq, if the rq returned by containerof is current CPU's rq,...

SUSE CVE-2025-68334

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC The ROG Xbox Ally non-X SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 s2idle causes a crash, this support was dropped by the Xbox Ally...

SUSE CVE-2025-68335

In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818aicancel Syzbot identified an issue 1 in pcl818aicancel, which stems from the fact that in case of early device detach via pcl818detach, subdevice dev-readsubdev may not have initialize...

SUSE CVE-2025-68336

In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in dorawwritelock KCSAN reports: BUG: KCSAN: data-race in dorawwritelock / dorawwritelock write marked to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: dorawwritelock+0x120/0x204...

SUSE CVE-2025-68337

In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bugon in jbd2journalgetcreateaccess when file system corrupted There's issue when file system corrupted: ------------ cut here ------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000 1 SMP...

SUSE CVE-2025-68463

Bio.Entrez in Biopython through 186 allows doctype XXE...

SUSE CVE-2025-68284

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handleauthsessionkey The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes when decrypting the...

SUSE CVE-2025-68285

In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in havemonandosdmap The wait loop in cephopensession can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both cephmonchandlemap and handleonem...

SUSE CVE-2025-68287

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3removerequests call paths This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking dwc3removerequests, leading to premature...

SUSE CVE-2024-2182

A flaw was found in the Open Virtual Network OVN. In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service...

SUSE CVE-2024-29370

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

SUSE CVE-2025-14876

A flaw was found in the virtio-crypto device of QEMU. A malicious guest operating system can exploit a missing length limit in the AKCIPHER path, leading to uncontrolled memory allocation. This can result in a denial of service DoS on the host system by causing the QEMU process to terminate...