
58478 matches found

SUSE CVE
•added 2025/11/14 12:23 a.m.•3 views

SUSE CVE-2025-40207

In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does not check the returned value. If __v4l2_subdev_state_alloc() fails, it retur...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00162
Exploits: 0, References: 20
•added 2025/11/14 12:23 a.m.•1 views

SUSE CVE-2025-40208

In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...

AI score: 6.5, EPSS: 0.0015
Exploits: 0, References: 3
•added 2025/11/13 12:45 a.m.•3 views

SUSE CVE-2024-47866

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

CVSS: 7.5, AI score: 6.8, EPSS: 0.0039
Exploits: 1, References: 3
•added 2025/11/13 12:44 a.m.•1 views

SUSE CVE-2025-12748

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVSS: 5.5, AI score: 8.6, EPSS: 0.00181
Exploits: 0, References: 14
•added 2025/11/13 12:44 a.m.•2 views

SUSE CVE-2025-13012

Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00202
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•2 views

SUSE CVE-2025-13013

Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 6.4, EPSS: 0.00171
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•2 views

SUSE CVE-2025-13014

Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00249
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•2 views

SUSE CVE-2025-13015

Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...

CVSS: 3.4, AI score: 5.8, EPSS: 0.00221
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•2 views

SUSE CVE-2025-13016

Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00401
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•1 views

SUSE CVE-2025-13017

Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00217
Exploits: 0, References: 15
•added 2025/11/13 12:44 a.m.•1 views

SUSE CVE-2025-13018

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00217
Exploits: 0, References: 15
•added 2025/11/13 12:43 a.m.•2 views

SUSE CVE-2025-13019

Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00217
Exploits: 0, References: 15
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13020

Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...

CVSS: 6.1, AI score: 7.2, EPSS: 0.00242
Exploits: 0, References: 15
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13021

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00311
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13022

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00311
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13023

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00311
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13024

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00311
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•0 views

SUSE CVE-2025-13025

Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00241
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13026

Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.3, EPSS: 0.00311
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13027

Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145...

CVSS: 7.5, AI score: 7.4, EPSS: 0.0029
Exploits: 0, References: 3
•added 2025/11/13 12:43 a.m.•1 views

SUSE CVE-2025-13042

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS: 8.8, AI score: 7.1, EPSS: 0.00231
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40110

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID)...

CVSS: 4.1, AI score: 6.9, EPSS: 0.00167
Exploits: 0, References: 21
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40111

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be cleared in...

CVSS: 4.7, AI score: 6.5, EPSS: 0.00171
Exploits: 0, References: 20
•added 2025/11/13 12:24 a.m.•2 views

SUSE CVE-2025-40112

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respective...

AI score: 6.5, EPSS: 0.00187
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40113

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware and the DTB. The same applies for the "lite" firmware loaded by the boot firmware. When preparing ...

AI score: 6.5, EPSS: 0.00162
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•10 views

SUSE CVE-2025-40115

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At this point the SAS transport device may already be...

CVSS: 5.5, AI score: 6.4, EPSS: 0.00187
Exploits: 0, References: 21
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40116

In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error pointers or NULL. Check for both before dereferencing i...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00184
Exploits: 0, References: 20
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40117

In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() Commit eefb83790a0d ("misc: pci_endpoint_test: Add doorbell test case") added NO_BAR (-1) to the pci_barno enum which, in practical terms, changes the enum from an unsign...

AI score: 6.5, EPSS: 0.00162
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40122

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error When running perf_fuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32_PMC_x_CFG_B MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...

AI score: 6.4, EPSS: 0.00162
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40123

In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp function within the Linux kernel's BPF subsystem. This...

CVSS: 5.5, AI score: 6.5, EPSS: 0.00174
Exploits: 0, References: 21
•added 2025/11/13 12:24 a.m.•2 views

SUSE CVE-2025-40124

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4 code with large folios enabled resulted from copy_from_user() returning impossibly large values greater tha...

AI score: 6.6, EPSS: 0.00184
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•7 views

SUSE CVE-2025-40125

In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In blk_mq_update_nr_hw_queues the return value of blk_mq_sysfs_register_hctxs is not checked. If sysfs creation for hctx fails, later changing the number of hwqueue...

AI score: 6.5, EPSS: 0.00184
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•2 views

SUSE CVE-2025-40126

In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers on user-space memory references in copy_from_user and copy_to_user. These handlers return from the respectiv...

AI score: 6.5, EPSS: 0.00187
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40127

In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, resulting in division by zer...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00179
Exploits: 0, References: 20
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40131

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because rxcb->peer_id is not updated with a valid value. This is expected in monitor mode, where RX frames bypass the regular ...

AI score: 6.4, EPSS: 0.00171
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•7 views

SUSE CVE-2025-40140

In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit netif_stop_queue;...

CVSS: 3.3, AI score: 6.5, EPSS: 0.00184
Exploits: 0, References: 20
•added 2025/11/13 12:24 a.m.•2 views

SUSE CVE-2025-40141

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00174
Exploits: 0, References: 22
•added 2025/11/13 12:24 a.m.•1 views

SUSE CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure When devm_add_action_or_reset() fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto err_regulator_free" by the actu...

AI score: 6.5, EPSS: 0.00197
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•3 views

SUSE CVE-2025-40146

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nr_requests grown Allocate and free sched_tags while queue is freezed can deadlock[1], this is a long term problem, hence allocate memory before freezing queue and free memory after queue is...

AI score: 6.6, EPSS: 0.00197
Exploits: 0, References: 3
•added 2025/11/13 12:24 a.m.•9 views

SUSE CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev()...

CVSS: 6.3, AI score: 6.5, EPSS: 0.00139
Exploits: 0, References: 21
•added 2025/11/13 12:23 a.m.•2 views

SUSE CVE-2025-57812

CUPS is a standards-based, open-source printing system, and libcupsfilters contains the code of the filters of the former cups-filters package as library functions to be used for the data format conversion tasks needed in Printer Applications. In CUPS-Filters versions up to and including 1.28.17...

CVSS: 5, AI score: 7.1, EPSS: 0.00412
Exploits: 1, References: 5
•added 2025/11/13 12:23 a.m.•3 views

SUSE CVE-2025-64486

calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve...

CVSS: 9.3, AI score: 7.8, EPSS: 0.00156
Exploits: 0, References: 3
•added 2025/11/13 12:23 a.m.•2 views

SUSE CVE-2025-64503

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macOS. In cups-filters prior to 1.28.18, by crafting a PDF file with a large MediaBox value, an attacker can cause CUPS-Filter 1.x's pdftoraster tool to...

CVSS: 3.3, AI score: 7, EPSS: 0.00182
Exploits: 1, References: 5
•added 2025/11/12 12:19 a.m.•1 views

SUSE CVE-2025-60876

BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape (METHOD SP request-target SP HTTP/1.1), a raw spac...

CVSS: 8, AI score: 6.9, EPSS: 0.00252
Exploits: 1, References: 9
•added 2025/11/12 12:19 a.m.•2 views

SUSE CVE-2025-64181

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on...

CVSS: 4, AI score: 6.8, EPSS: 0.00331
Exploits: 1, References: 4
•added 2025/11/12 12:19 a.m.•1 views

SUSE CVE-2025-64182

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, a memory safety bug in the legacy OpenEXR Python adapter the deprecated...

CVSS: 7.7, AI score: 8.1, EPSS: 0.00205
Exploits: 1, References: 3
•added 2025/11/12 12:19 a.m.•1 views

SUSE CVE-2025-64183

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of pyOpenEXR_old.cpp...

CVSS: 6.2, AI score: 6.9, EPSS: 0.0026
Exploits: 1, References: 3
•added 2025/11/12 12:19 a.m.•3 views

SUSE CVE-2025-64507

Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the security.shifted property set to true...

CVSS: 8.6, AI score: 7.1, EPSS: 0.00145
Exploits: 1, References: 3
•added 2025/11/12 12:19 a.m.•2 views

SUSE CVE-2025-64512

Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a malicious PDF file. The CMapDB._load_data function in...

CVSS: 7.8, AI score: 7.4, EPSS: 0.00275
Exploits: 1, References: 3
•added 2025/11/11 12:40 a.m.•1 views

SUSE CVE-2025-12863

This CVE was assigned for a libxml2 issue (#1012) but later deemed not valid. Ref.: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1012#note_2608283...

AI score: 6.6, EPSS: 0.00068
Exploits: 0, References: 3
Total number of security vulnerabilities: 58478