59855 matches found
SUSE CVE-2025-68237
In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32MAX...
SUSE CVE-2025-68238
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: cadence: fix DMA device NULL pointer dereference The DMA device pointer dmadev was being dereferenced before ensuring that cdnsctrl-dmac is properly initialized. Move the assignment of dmadev after successfully...
SUSE CVE-2025-68239
In the Linux kernel, the following vulnerability has been resolved: binfmtmisc: restore write access before closing files opened by openexec bmregisterwrite opens an executable file using openexec, which internally calls doopenexecat and denies write access on the file to avoid modification while...
SUSE CVE-2025-68240
In the Linux kernel, the following vulnerability has been resolved: nilfs2: avoid having an active sctimer before freeing sci Because kthreadstop did not stop sctask properly and returned -EINTR, the sctimer was not properly closed, ultimately causing the problem 1 reported by syzbot when freeing...
SUSE CVE-2025-68241
In the Linux kernel, the following vulnerability has been resolved: ipv4: route: Prevent rtbindexception from rebinding stale fnhe The sit driver's packet transmission path calls: sittunnelxmit - updateorcreatefnhe, which lead to fnheremoveoldest being called to delete entries exceeding...
SUSE CVE-2025-68242
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...
SUSE CVE-2025-68243
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...
SUSE CVE-2025-68244
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD On completion of i915vmapinww, a synchronous variant of dmafenceworkcommit is called. When pinning a VMA to GGTT address space on a Cherry View family processor, ...
SUSE CVE-2025-68245
In the Linux kernel, the following vulnerability has been resolved: net: netpoll: fix incorrect refcount handling causing incorrect cleanup commit efa95b01da18 "netpoll: fix use after free" incorrectly ignored the refcount and prematurely set dev-npinfo to NULL during netpoll cleanup, leading to...
SUSE CVE-2025-68246
In the Linux kernel, the following vulnerability has been resolved: ksmbd: close accepted socket when per-IP limit rejects connection When the per-IP connection limit is exceeded in ksmbdkthreadfn, the code sets ret = -EAGAIN and continues the accept loop without closing the just-accepted socket...
SUSE CVE-2025-68247
In the Linux kernel, the following vulnerability has been resolved: posix-timers: Plug potential memory leak in dotimercreate When posix timer creation is set to allocate a given timer ID and the access to the user space value faults, the function terminates without freeing the already allocated...
SUSE CVE-2025-68248
In the Linux kernel, the following vulnerability has been resolved: vmwballoon: indicate success when effectively deflating during migration When migrating a balloon page, we first deflate the old page to then inflate the new page. However, if inflating the new page succeeded, we effectively...
SUSE CVE-2025-68249
In the Linux kernel, the following vulnerability has been resolved: most: usb: hdmprobe: Fix calling putdevice before device initialization The early error path in hdmprobe can jump to errfreemdev before &mdev-dev has been initialized with deviceinitialize. Calling putdevice&mdev-dev there trigge...
SUSE CVE-2025-68250
In the Linux kernel, the following vulnerability has been resolved: hungtask: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Eero Tamminen, some...
SUSE CVE-2025-68251
In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in...
SUSE CVE-2025-68252
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix dmabuf object leak in fastrpcmaplookup In fastrpcmaplookup, dmabufget is called to obtain a reference to the dmabuf for comparison purposes. However, this reference is never released when the function returns,...
SUSE CVE-2025-68253
In the Linux kernel, the following vulnerability has been resolved: mm: don't spin in addstackrecord when gfp flags don't allow syzbot was able to find the following path: addstackrecordtolist mm/pageowner.c:182 inline incstackrecordcount mm/pageowner.c:214 inline setpageowner+0x2c3/0x4a0...
SUSE CVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates ESR IE handling in OnBeacon accessed p + 1 + ielen and p + 2 + ielen without verifying that these offsets lie within the received...
SUSE CVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy length when copying into a fixed-size 16-byte stack...
SUSE CVE-2025-68256
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in rtwgetie parser The Information Element IE parser rtwgetie trusted the length byte of each IE without validating that the IE body len bytes after the 2-byte header fits inside the...
SUSE CVE-2025-68257
In the Linux kernel, the following vulnerability has been resolved: comedi: check device's attached status in compat ioctls Syzbot identified an issue 1 that crashes kernel, seemingly due to unexistent callback dev-getvalidroutes. By all means, this should not occur as said callback must always b...
SUSE CVE-2025-68258
In the Linux kernel, the following vulnerability has been resolved: comedi: multiq3: sanitize config options in multiq3attach Syzbot identified an issue 1 in multiq3attach that induces a task timeout due to open or COMEDIDEVCONFIG ioctl operations, specifically, in the case of multiq3 driver. Thi...
SUSE CVE-2025-68259
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced When re-injecting a soft interrupt from an INT3, INT0, or select INTn instruction, discard the exception and retry the instruction if the code stream is changed...
SUSE CVE-2025-68260
In the Linux kernel, the following vulnerability has been resolved: rustbinder: fix race condition on deathlist Rust Binder contains the following unsafe operation: // SAFETY: A NodeDeath is never inserted into the death list // of any node other than its owner, so it is either in this // death...
SUSE CVE-2025-68261
In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...
SUSE CVE-2025-68262
In the Linux kernel, the following vulnerability has been resolved: crypto: zstd - fix double-free in per-CPU stream cleanup The crypto/zstd module has a double-free bug that occurs when multiple tfms are allocated and freed. The issue happens because zstdstreams per-CPU contexts are freed in...
SUSE CVE-2025-68263
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipcmsgsendrequest ipcmsgsendrequest waits for a generic netlink reply using an ipcmsgtableentry on the stack. The generic netlink handler handlegenericevent/handleresponse fills entry-response...
SUSE CVE-2025-68264
In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei-iinlinesize can become stale between the initial size check and when ext4updateinlinedata/ext4createinlinedata use it. Although ext4getmaxinlinesize reads the...
SUSE CVE-2025-68265
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...
SUSE CVE-2025-68266
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that SIFMT bits of inode-imode can become bogus when the SIFMT bits of the 32bits "mode" field loaded from disk are corrupted or when the 32bits "attributes"...
SUSE CVE-2025-68281
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdcacontrol" declares "values" field as integer array. But the memory allocated to it is of char array. This causes crash for sdcaparsefunction API. This patch...
SUSE CVE-2025-68309
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aerinfo The kzallocGFPKERNEL may return NULL, so all accesses to aerinfo-xxx will result in kernel panic. Fix it...
SUSE CVE-2025-68310
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pcicfgaccesslock when executing the s390 variant of PCI error recovery: Acquire just devicelock instead of pcidevlock as...
SUSE CVE-2025-68311
In the Linux kernel, the following vulnerability has been resolved: tty: serial: ip22zilog: Use platform device for probing After commit 84a9582fd203 "serial: core: Start managing serial controllers to enable runtime PM" serial drivers need to provide a device in struct uartport.dev otherwise an...
SUSE CVE-2025-68312
In the Linux kernel, the following vulnerability has been resolved: usbnet: Prevents free active kevent The root cause of this issue are: 1. When probing the usbnet device, executing usbnetlinkchangedev, 0, 0; put the kevent work in global workqueue. However, the kevent has not yet been scheduled...
SUSE CVE-2025-68313
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add RDSEED fix for Zen5 There's an issue with RDSEED's 16-bit and 32-bit register output variants on Zen5 which return a random value of 0 "at a rate inconsistent with randomness while incorrectly signaling success...
SUSE CVE-2025-68314
In the Linux kernel, the following vulnerability has been resolved: drm/msm: make sure lastfence is always updated Update lastfence in the vm-bind path instead of kernel managed path. lastfence is used to wait for work to finish in vmbind contexts but not used for kernel managed contexts. This...
SUSE CVE-2025-68315
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to detect potential corrupted nid in freenidlist As reported, on-disk footer.ino and footer.nid is the same and out-of-range, let's add sanity check on f2fsallocnid to detect any potential corruption in freenidlist...
SUSE CVE-2025-68316
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix invalid probe error return value After DME Link Startup, the error return value is set to the MIPI UniPro GenericErrorCode which can be 0 SUCCESS or 1 FAILURE. Upon failure during driver probe, the error code...
SUSE CVE-2025-68317
In the Linux kernel, the following vulnerability has been resolved: iouring/zctx: check chained notif contexts Send zc only links ubufinfo for requests coming from the same context. There are some ambiguous syz reports, so let's check the assumption on notification completion...
SUSE CVE-2025-68318
In the Linux kernel, the following vulnerability has been resolved: clk: thead: th1520-ap: set all AXI clocks to CLKISCRITICAL The AXI crossbar of TH1520 has no proper timeout handling, which means gating AXI clocks can easily lead to bus timeout and thus system hang. Set all AXI clock gates to...
SUSE CVE-2025-68319
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire sumutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cgchildren list and concurrent add/remove of userdata items through configfs. The updateuserdata...
SUSE CVE-2025-68320
In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 inatomic: 1, irqsdisabled: 0,...
SUSE CVE-2025-68321
In the Linux kernel, the following vulnerability has been resolved: pagepool: always add GFPNOWARN for ATOMIC allocations Driver authors often forget to add GFPNOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact of life, and we pretty much expect network Rx ...
SUSE CVE-2025-68322
In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: unwindonce+0x1c/0x5c...
SUSE CVE-2025-12084
When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic. Availability can be impacted when building excessively nested documents...
SUSE CVE-2025-13870
Mattermost versions 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to validate the user permission when accessing the files and subscribing to the block in Boards, which allows an authenticated user to access other board files and was able to subscribe to the block from other boards that the user does...
SUSE CVE-2025-40218
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pteoffsetmaplock until success DAMON's virtual address space operation set implementation vaddr calls pteoffsetmaplock inside the page table walk callback function. This is for reading and writing pa...
SUSE CVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious website or be served a malicious advertiseme...
SUSE CVE-2025-64750
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label write operation so...