SUSE CVE-2025-12433

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2025-12434

Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12435

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12436

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2025-12437

Use after free in PageInfo in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12438

Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12439

Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: Medium...

SUSE CVE-2025-12440

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2025-12441

Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12443

Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: Medium...

SUSE CVE-2025-12444

Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2025-12445

Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Low...

SUSE CVE-2025-12446

Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. Chromium security severity: Low...

SUSE CVE-2025-12447

Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds An array of VM binds can potentially evict other buffer objects BOs within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

SUSE CVE-2025-40087

In the Linux kernel, the following vulnerability has been resolved: NFSD: Define a proclayoutcommit for the FlexFiles layout type Avoid a crash if a pNFS client should happen to send a LAYOUTCOMMIT operation on a FlexFiles layout...

SUSE CVE-2025-40088

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplusstrcasecmp The hfsplusstrcasecmp logic can trigger the issue: 117.317703 T9855 ================================================================== 117.318353 T9855 BUG: KASAN:...

SUSE CVE-2025-40089

In the Linux kernel, the following vulnerability has been resolved: cxl/features: Add check for no entries in cxlfeatureinfo cxl EDAC calls cxlfeatureinfo to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL. 51.957498 BUG: kernel NULL pointer...

SUSE CVE-2025-40090

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix recursive locking in RPC handle list access Since commit 305853cce3794 "ksmbd: Fix race condition in RPC handle list access", ksmbdsessionrpcmethod attempts to lock sess-rpclock. This causes hung connections / tasks wh...

SUSE CVE-2025-40091

In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix too early devlinkfree in ixgberemove Since ixgbeadapter is embedded in devlink, calling devlinkfree prematurely in the ixgberemove path can lead to UAF. Move devlinkfree to the end. KASAN report: BUG: KASAN:...

SUSE CVE-2025-40092

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Refactor bind path to use free After an bind/unbind cycle, the ncm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

SUSE CVE-2025-40093

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fecm: Refactor bind path to use free After an bind/unbind cycle, the ecm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

SUSE CVE-2025-40094

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: facm: Refactor bind path to use free After an bind/unbind cycle, the acm-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

SUSE CVE-2025-40095

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: frndis: Refactor bind path to use free After an bind/unbind cycle, the rndis-notifyreq is left stale. If a subsequent bind fails, the unified error label attempts to free this stale request, leading to a NULL pointer...

SUSE CVE-2025-40096

In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix potential double free in drmschedjobaddresvdependencies When adding dependencies with drmschedjobadddependency, that function consumes the fence reference both on success and failure, so in the latter case the...

SUSE CVE-2025-40097

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hdacomponentmanagerinit function The componentmatchadd function may assign the 'matchptr' pointer the value ERRPTR-ENOMEM, which will subsequently be dereferenced. The call stack leading to...

SUSE CVE-2025-40098

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41getacpimutestate Return value of a function acpievaluatedsm is dereferenced without checking for NULL, but it is usually checked for this function. acpievaluatedsm may...

SUSE CVE-2025-40099

In the Linux kernel, the following vulnerability has been resolved: cifs: parsedfsreferrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTLDFSGETREFERRALS - reply smaller than sizeofstruct getdfsreferralrsp - reply with number of referrals smaller than...

SUSE CVE-2025-40100

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populatefreespacetree, if we are not using the block group tree feature, we always expect to find block...

SUSE CVE-2025-40101

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST At the end of btrfsloadblockgroupzoneinfo the first thing we do is to ensure that if the mapping type is not a SINGLE one and there is no RAID stripe...

SUSE CVE-2025-40102

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Prevent access to vCPU events before init Another day, another syzkaller bug. KVM erroneously allows userspace to pend vCPU events for a vCPU that hasn't been initialized yet, leading to KVM interpreting a bunch of...

SUSE CVE-2025-40103

In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifssbtlink Fix three refcount inconsistency issues related to cifssbtlink. Comments for cifssbtlink state that cifsputtlink needs to be called after successful calls to cifssbtlink. Three calls...

SUSE CVE-2025-40104

In the Linux kernel, the following vulnerability has been resolved: ixgbevf: fix mailbox API compatibility by negotiating supported features There was backward compatibility in the terms of mailbox API. Various drivers from various OSes supporting 10G adapters from Intel portfolio could easily...

SUSE CVE-2025-55754

Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an...

SUSE CVE-2023-7324

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addldescptr out-of-bounds accesses Sanitize possible addldescptr out-of-bounds accesses in sesenclosuredataprocess...

SUSE CVE-2025-12380

Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-free in the GPU or browser process using WebGPU-related IPC calls. This may have been usable to escape the child process sandbox. This vulnerability was fixed in Firefox 144.0.2...

SUSE CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

SUSE CVE-2025-40033

In the Linux kernel, the following vulnerability has been resolved: remoteproc: pru: Fix potential NULL pointer dereference in prurprocsetctable prurprocsetctable accessed rproc-priv before the ISERRORNULL check, which could lead to a null pointer dereference. Move the pru assignment, ensuring we...

SUSE CVE-2025-40035

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is embedded twice inside uinputffuploadcompat, contains internal padding. In particular, there is a hole after struct ffreplay to satis...

SUSE CVE-2025-40037

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

SUSE CVE-2025-40038

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid Skip the WRMSR and HLT fastpaths in SVM's VM-Exit handler if the next RIP isn't valid, e.g. because KVM is running with nrips=false. SVM must decode and emulate...

SUSE CVE-2025-40041

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Sign-extend struct ops return values properly The nsbpfqdisc selftest triggers a kernel panic: Oops1: CPU 0 Unable to handle kernel paging request at virtual address 0000000000741d58, era == 90000000851b5ac0, ra =...

SUSE CVE-2025-40051

In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copyfromiter and copytoiter can't be negative, check whether the copied lengths are equal...

SUSE CVE-2025-40054

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF issue in f2fsmergepagebio As JY reported in bugzilla 1, Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 pc : 0xffffffe51d249484 f2fsiscpguaranteed+0x70/0x98 lr : 0xffffffe51d24ad...

SUSE CVE-2025-40067

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of index entries. If the bitmap is empty while index blocks are already...

SUSE CVE-2025-40083

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix null-deref in aggdequeue To prevent a potential crash in aggdequeue net/sched/schqfq.c when cl-qdisc-ops-peekcl-qdisc returns NULL, we check the return value before using it, similar to the existing approac...

SUSE CVE-2025-40084

In the Linux kernel, the following vulnerability has been resolved: ksmbd: transportipc: validate payload size before reading handle handleresponse dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message fr...

SUSE CVE-2025-40085

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer deference in trytoregistercard In trytoregistercard, the return value of usbifnumtoif is passed directly to usbinterfaceclaimed without a NULL check, which will lead to a NULL pointer dereference...

SUSE CVE-2025-61099

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaqueinfodetail function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted LS Update packet...

SUSE CVE-2025-61100

FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospfopaquelsadump function at ospfopaque.c. This vulnerability allows attackers to cause a Denial of Service DoS under specific malformed LSA conditions...