Lucene search

58478 matches found

SUSE CVE • added 2025/10/07 11:49 p.m. • 2 views

SUSE CVE-2022-50536

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sockput when msg has moredata In tcpbpfsendverdict redirection, the eval variable is assigned to SKREDIRECT after the applybytes data is sent, if msg has moredata, sockput will be called multip...

CVSS 5.5 | AI score 6.5 | EPSS 0.00154 | Exploits 0 | References 4

SUSE CVE • added 2025/10/07 11:49 p.m. • 1 view

SUSE CVE-2022-50541

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Reset UDMACHANRT byte counters to prevent overflow UDMACHANRTBCNTREG stores the real-time channel bytecount statistics. These registers are 32-bit hardware counters and the driver uses these counters to...

CVSS 3.3 | AI score 6.7 | EPSS 0.00142 | Exploits 0 | References 7

SUSE CVE • added 2025/10/07 11:49 p.m. • 4 views

SUSE CVE-2022-50542

In the Linux kernel, the following vulnerability has been resolved: media: si470x: Fix use-after-free in si470xintincallback syzbot reported use-after-free in si470xintincallback 1. This indicates that urb-context, which contains struct si470xdevice object, is freed when si470xintincallback is...

CVSS 6.3 | AI score 6.6 | EPSS 0.00148 | Exploits 0 | References 8

SUSE CVE • added 2025/10/07 11:49 p.m. • 2 views

SUSE CVE-2022-50544

In the Linux kernel, the following vulnerability has been resolved: usb: host: xhci: Fix potential memory leak in xhciallocstreaminfo xhciallocstreaminfo allocates stream context array for streaminfo -streamctxarray with xhciallocstreamctx. When some error occurs, streaminfo-streamctxarray is not...

CVSS 5.5 | AI score 6.4 | EPSS 0.00147 | Exploits 0 | References 10

SUSE CVE • added 2025/10/07 11:49 p.m. • 2 views

SUSE CVE-2022-50548

In the Linux kernel, the following vulnerability has been resolved: media: i2c: hi846: Fix memory leak in hi846parsedt If any of the checks related to the supported link frequencies fail, then the V4L2 fwnode resources don't get released before returning, which leads to a memleak. Fix this by...

CVSS 5.5 | AI score 6.4 | EPSS 0.0018 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:49 p.m. • 2 views

SUSE CVE-2022-50550

In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix memory leak on adddisk failures When a gendisk is successfully initialized but adddisk fails such as when a loop device has invalid number of minor device numbers specified, blkcginitdisk is called during init...

CVSS 5.5 | AI score 6.4 | EPSS 0.0018 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:49 p.m. • 4 views

SUSE CVE-2022-50554

In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double -queuerq because of early timeout David Jeffery found one double -queuerq issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault ...

CVSS 5.3 | AI score 6.4 | EPSS 0.00184 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53617

In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: socinfo: Add kfree for kstrdup Add kfree in the later error handling in order to avoid memory leak...

CVSS 5.5 | AI score 6.5 | EPSS 0.00182 | Exploits 0 | References 19

SUSE CVE • added 2025/10/07 11:47 p.m. • 0 views

SUSE CVE-2023-53620

In the Linux kernel, the following vulnerability has been resolved: md: fix soft lockup in statusresync statusresync will calculate 'currresync - recoveryactive' to show user a progress bar like following: ============........ resync = 61.4% 'currresync' and 'recoveryactive' is updated in mddosyn...

CVSS 5.5 | AI score 6.7 | EPSS 0.0014 | Exploits 0 | References 4

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53621

In the Linux kernel, the following vulnerability has been resolved: memcontrol: ensure memcg acquired by id is properly set up In the eviction recency check, we attempt to retrieve the memcg to which the folio belonged when it was evicted, by the memcg id stored in the shadow entry. However, ther...

CVSS 5.5 | AI score 6.1 | EPSS 0.00185 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53623

In the Linux kernel, the following vulnerability has been resolved: mm/swap: fix swapinfostruct race between swapoff and getswappages The si-lock must be held when deleting the si from the available list. Otherwise, another thread can re-add the si to the available list, which can lead to memory...

CVSS 6.3 | AI score 6.3 | EPSS 0.00126 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53624

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfq: fix integer overflow of "credit" if schfq is configured with "initial quantum" having values greater than INTMAX, the first assignment of "credit" does signed integer overflow to a very negative value. In this...

CVSS 6.1 | AI score 6.7 | EPSS 0.00187 | Exploits 0 | References 4

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53628

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: drop gfxv110cpeccerrorirqfuncs The gfx.cpeccerrorirq is retired in gfx11. In gfxv110hwfini still use amdgpuirqput to disable this interrupt, which caused the call trace in this function. 102.873958 Call Trace:...

CVSS 5.5 | AI score 6.7 | EPSS 0.00161 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53632

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take RTNL lock when needed before calling xdpsetfeatures Hold RTNL lock when calling xdpsetfeatures with a registered netdev, as the call triggers the netdev notifiers. This could happen when switching from uplink rep ...

CVSS 5.5 | AI score 6.3 | EPSS 0.00164 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53633

In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix a leak in mapuserpages If getuserpagesfast allocates some pages but not as many as we wanted, then the current code leaks those pages. Call putpage on the pages before returning...

CVSS 3.3 | AI score 6.7 | EPSS 0.00164 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53636

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: fix potential UAF in auxdev release callback Similar to commit 1c11289b34ab "peci: cpu: Fix use-after-free in adevrelease", the auxiliary device is not torn down in the correct order. If auxiliarydeviceadd fails,...

CVSS 7.8 | AI score 6.7 | EPSS 0.00184 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53638

In the Linux kernel, the following vulnerability has been resolved: octeonep: cancel queued works in probe error path If it fails to get the devices's MAC address, octepprobe exits while leaving the delayed work intrpolltask queued. When the work later runs, it's a use after free. Move the...

CVSS 5.5 | AI score 6.4 | EPSS 0.0014 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 4 views

SUSE CVE-2023-53641

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hifusb: fix memory leak of remainskbs hifdev-remainskb is allocated and used exclusively in ath9khifusbrxstream. It is implied that an allocated remainskb is processed and subsequently freed in error paths only durin...

CVSS 4.7 | AI score 6.5 | EPSS 0.00142 | Exploits 0 | References 8

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53643

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: don't access released socket during error recovery While the error recovery work is temporarily failing reconnect attempts, running the 'nvme list' command causes a kernel NULL pointer dereference by calling getsockname...

CVSS 6.1 | AI score 6.5 | EPSS 0.0014 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53650

In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: lcdmipid: Fix an error handling path in mipidspiprobe If 'mipiddetect' fails, we must free 'md' to avoid a memory leak...

CVSS 4.7 | AI score 6.5 | EPSS 0.00185 | Exploits 0 | References 20

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53659

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix out-of-bounds when setting channels on remove If we set channels greater during iavfremove, and waiting reset done would be timeout, then returned with error but changed numactivequeues directly, that will lead to OOB...

CVSS 7 | AI score 6.3 | EPSS 0.00147 | Exploits 0 | References 22

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53662

In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leaks in ext4fnamesetupfilename,preparelookup If the filename casefolding fails, we'll be leaking memory from the fscryptname struct, namely from the 'cryptobuf.name' member. Make sure we free it in the error pat...

CVSS 4.7 | AI score 6.6 | EPSS 0.00143 | Exploits 0 | References 19

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53663

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Check instead of asserting on nested TSC scaling support Check for nested TSC scaling support on nested SVM VMRUN instead of asserting that TSC scaling is exposed to L1 if L1's MSRAMD64TSCRATIO has diverged from KVM's...

CVSS 6 | AI score 6.4 | EPSS 0.00131 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53664

In the Linux kernel, the following vulnerability has been resolved: OPP: Fix potential null ptr dereference in devpmoppgetrequiredpstate "opp" pointer is dereferenced before the ISERRORNULL check. Fix it by removing the dereference to cache opptable and dereference it directly where opptable is...

CVSS 5.5 | AI score 6.5 | EPSS 0.00116 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:47 p.m. • 2 views

SUSE CVE-2023-53665

In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after exportrdev Except for initial reference, mddev-kobject is referenced by rdev-kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be use...

CVSS 6.1 | AI score 6.5 | EPSS 0.00116 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53668

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix deadloop issue on reading tracepipe Soft lockup occurs when reading file 'tracepipe': watchdog: BUG: soft lockup - CPU6 stuck for 22s! cat:4488 ... RIP: 0010:ringbufferemptycpu+0xed/0x170 RSP: 0018:ffff88810dd6fc...

CVSS 4.4 | AI score 6.8 | EPSS 0.00136 | Exploits 0 | References 20

SUSE CVE • added 2025/10/07 11:47 p.m. • 3 views

SUSE CVE-2023-53675

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible descptr out-of-bounds accesses Sanitize possible descptr out-of-bounds accesses in sesenclosuredataprocess...

CVSS 5.5 | AI score 6.6 | EPSS 0.00137 | Exploits 0 | References 9

SUSE CVE • added 2025/10/07 11:47 p.m. • 1 view

SUSE CVE-2023-53679

In the Linux kernel, the following vulnerability has been resolved: wifi: mt7601u: fix an integer underflow Fix an integer underflow that leads to a null pointer dereference in 'mt7601urxskbfromseg'. The variable 'dmalen' in the URB packet could be manipulated, which could trigger an integer...

CVSS 5.5 | AI score 6.4 | EPSS 0.00141 | Exploits 0 | References 7

SUSE CVE • added 2025/10/07 11:46 p.m. • 2 views

SUSE CVE-2023-53683

In the Linux kernel, the following vulnerability has been resolved: fs: hfsplus: remove WARNON from hfspluscatread,writeinode syzbot is hitting WARNON in hfspluscatread,writeinode, for crafted filesystem image can contain bogus length. There conditions are not kernel bugs that can justify kernel ...

CVSS 3.3 | AI score 6.4 | EPSS 0.00132 | Exploits 0 | References 8

SUSE CVE • added 2025/10/07 11:46 p.m. • 3 views

SUSE CVE-2023-53685

In the Linux kernel, the following vulnerability has been resolved: tun: Fix memory leak for detached NAPI queue. syzkaller reported 0 memory leaks of sk and skb related to the TUN device with no repro, but we can reproduce it easily with: struct ifreq ifr = int fdtun, fdtmp; char buf4 = ; fdtun ...

CVSS 3.3 | AI score 6.3 | EPSS 0.00132 | Exploits 0 | References 4

SUSE CVE • added 2025/10/07 11:46 p.m. • 3 views

SUSE CVE-2023-53686

In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshakenldonedoit We should not call tracehandshakecmddoneerr if socket lookup has failed. Also we should call tracehandshakecmddoneerr before releasing the file, otherwise dereferencing...

CVSS 5.5 | AI score 6.2 | EPSS 0.00116 | Exploits 0 | References 15

SUSE CVE • added 2025/10/07 11:46 p.m. • 2 views

SUSE CVE-2023-53687

In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsungtty: Fix a memory leak in s3c24xxserialgetclk when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, needs to be freed. If a...

CVSS 3.3 | AI score 6.5 | EPSS 0.00133 | Exploits 0 | References 20

SUSE CVE • added 2025/10/07 11:25 p.m. • 1 view

SUSE CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

CVSS 5.3 | AI score 7 | EPSS 0.0044 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 11:25 p.m. • 2 views

SUSE CVE-2025-61765

python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which...

CVSS 6.4 | AI score 8.4 | EPSS 0.00456 | Exploits 0 | References 4

SUSE CVE • added 2025/10/07 11:25 p.m. • 1 view

SUSE CVE-2025-61770

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser buffers the entire multipart preamble bytes before the first boundary in memory without any size limit. A client can send a large preamble followed by a valid boundary, causing...

CVSS 7.5 | AI score 6.9 | EPSS 0.00848 | Exploits 0 | References 6

SUSE CVE • added 2025/10/07 11:25 p.m. • 2 views

SUSE CVE-2025-61771

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser stores non-file form fields parts without a filename entirely in memory as Ruby String objects. A single large text field in a multipart/form-data request hundreds of megabytes or...

CVSS 7.5 | AI score 7 | EPSS 0.00516 | Exploits 0 | References 6

SUSE CVE • added 2025/10/07 11:25 p.m. • 2 views

SUSE CVE-2025-61772

Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, Rack::Multipart::Parser can accumulate unbounded data when a multipart part's header block never terminates with the required blank line CRLFCRLF. The parser keeps appending incoming bytes to memory witho...

CVSS 7.5 | AI score 7.1 | EPSS 0.00848 | Exploits 0 | References 6

SUSE CVE • added 2025/10/07 11:25 p.m. • 3 views

SUSE CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

CVSS 5.9 | AI score 7.2 | EPSS 0.00376 | Exploits 0 | References 6

SUSE CVE • added 2025/10/07 11:25 p.m. • 1 view

SUSE CVE-2025-61984

ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. A configuration...

CVSS 5.3 | AI score 7.8 | EPSS 0.00221 | Exploits 2 | References 15

SUSE CVE • added 2025/10/07 11:25 p.m. • 1 view

SUSE CVE-2025-61985

ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used...

CVSS 5.3 | AI score 7.6 | EPSS 0.00114 | Exploits 0 | References 14

SUSE CVE • added 2025/10/07 1:22 a.m. • 2 views

SUSE CVE-2022-50471

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized PV Xen domains: User process sets up a gntdev mapping composed of two grant...

CVSS 5.5 | AI score 6.4 | EPSS 0.00145 | Exploits 0 | References 7

SUSE CVE • added 2025/10/07 1:22 a.m. • 3 views

SUSE CVE-2022-50476

In the Linux kernel, the following vulnerability has been resolved: ntbnetdev: Use devkfreeskbany in interrupt context TX/RX callback handlers ntbnetdevtxhandler, ntbnetdevrxhandler can be called in interrupt context via the DMA framework when the respective DMA operations have completed. As such...

CVSS 5.5 | AI score 6.5 | EPSS 0.00145 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 1:22 a.m. • 3 views

SUSE CVE-2022-50477

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

CVSS 3.3 | AI score 6.3 | EPSS 0.0014 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 1:22 a.m. • 5 views

SUSE CVE-2022-50489

In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipidsihostunregister loops over every device currently found on that bus and will unregister it. However, it doesn't...

CVSS 3.3 | AI score 6.7 | EPSS 0.00147 | Exploits 0 | References 9

SUSE CVE • added 2025/10/07 1:22 a.m. • 2 views

SUSE CVE-2022-50494

In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offline and intelpowerclamp is used to inject idle, it generates kernel BUG: BUG: using smpprocessorid in preemptible 00000000 code:...

CVSS 5.5 | AI score 6.4 | EPSS 0.00147 | Exploits 0 | References 10

SUSE CVE • added 2025/10/07 1:22 a.m. • 2 views

SUSE CVE-2022-50503

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrange invoked, if platformgetresource returns NULL...

CVSS 5.5 | AI score 6.5 | EPSS 0.00149 | Exploits 0 | References 7

SUSE CVE • added 2025/10/07 1:22 a.m. • 1 view

SUSE CVE-2022-50504

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtasosterm It's unsafe to use rtasbusydelay to handle a busy status from the ibm,os-term RTAS function in rtasosterm: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG:...

CVSS 5.5 | AI score 6.5 | EPSS 0.00146 | Exploits 0 | References 10

SUSE CVE • added 2025/10/07 1:22 a.m. • 1 view

SUSE CVE-2022-50505

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in pprnotifier As comment of pcigetdomainbusandslot says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling...

CVSS 5.5 | AI score 6.5 | EPSS 0.00146 | Exploits 0 | References 8

SUSE CVE • added 2025/10/07 1:22 a.m. • 1 view

SUSE CVE-2022-50507

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...

CVSS 7.8 | AI score 6.5 | EPSS 0.00145 | Exploits 0 | References 3

SUSE CVE • added 2025/10/07 12:48 a.m. • 1 view

SUSE CVE-2023-53546

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5drcmdcreatereformatctx when mlx5cmdexec failed in mlx5drcmdcreatereformatctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5cmdexec...

CVSS 5.5 | AI score 6.5 | EPSS 0.00143 | Exploits 0 | References 17

Total number of security vulnerabilities: 58478