SUSE CVE-2022-50503

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrange invoked, if platformgetresource returns NULL...

SUSE CVE-2022-50504

In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtasosterm It's unsafe to use rtasbusydelay to handle a busy status from the ibm,os-term RTAS function in rtasosterm: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b BUG:...

SUSE CVE-2022-50505

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in pprnotifier As comment of pcigetdomainbusandslot says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by calling...

SUSE CVE-2022-50507

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate data run offset This adds sanity checks for data run offset. We should make sure data run offset is legit before trying to unpack them, otherwise we may encounter use-after-free or some unexpected memory access...

SUSE CVE-2023-53546

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, fix memory leak in mlx5drcmdcreatereformatctx when mlx5cmdexec failed in mlx5drcmdcreatereformatctx, the memory pointed by 'in' is not released, which will cause memory leak. Move memory release after mlx5cmdexec...

SUSE CVE-2023-53553

In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: avoid struct memcpy overrun warning A previous patch addressed the fortified memcpy warning for most builds, but I still see this one with gcc-9: In file included from include/linux/string.h:254, from...

SUSE CVE-2023-53556

In the Linux kernel, the following vulnerability has been resolved: iavf: Fix use-after-free in freenetdev We do netifnapiadd for all allocated qvectors, but potentially do netifnapidel for part of them, then kfree qvectors and leave invalid pointers at dev-napilist. Reproducer: root@host cat...

SUSE CVE-2023-53557

In the Linux kernel, the following vulnerability has been resolved: fprobe: Release rethook after the ftraceops is unregistered While running bpf selftests it's possible to get following fault: general protection fault, probably for non-canonical address \ 0x6b6b6b6b6b6b6b6b: 0000 1 PREEMPT SMP...

SUSE CVE-2023-53561

In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix NULL pointer dereference when removing device In suspend and resume cycle, the removal and rescan of device ends up in NULL pointer dereference. During driver initialization, if the ipcimemwwanchannelinit fai...

SUSE CVE-2023-53569

In the Linux kernel, the following vulnerability has been resolved: ext2: Check block size validity during mount Check that log of block size stored in the superblock has sensible value. Otherwise the shift computing the block size can overflow leading to undefined behavior...

SUSE CVE-2023-53571

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Make intelgetcrtcnewencoder less oopsy The point of the WARN was to print something, not oops straight up. Currently that is precisely what happens if we can't find the connector for the crtc in the atomic state. Get th...

SUSE CVE-2023-53573

In the Linux kernel, the following vulnerability has been resolved: clk: rs9: Fix suspend/resume Disabling the cache in commit 2ff4ba9e3702 "clk: rs9: Fix I2C accessors" without removing cache synchronization in resume path results in a kernel panic as map-cacheops is unset, due to REGCACHENONE...

SUSE CVE-2023-53581

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOTREADY flag state after locking Currently the check for NOTREADY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is concurrently removed from...

SUSE CVE-2023-53583

In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERFHESSTOPPED flag checking in riscvpmustart Since commit 096b52fd2bb4 "perf: RISC-V: throttle perf events" the perfsampleeventtook function was added to report time spent in overflow interrupts. If the...

SUSE CVE-2023-53603

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Avoid fcport pointer dereference Klocwork reported warning of NULL pointer may be dereferenced. The routine exits when sactl is NULL and fcport is allocated after the exit call thus causing NULL fcport pointer to...

SUSE CVE-2023-53608

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfsscinfo in nilfssegctorthread The finalization of nilfssegctorthread can race with nilfssegctorkillthread which terminates that thread, potentially causing a use-after-free BUG as KASAN...

SUSE CVE-2025-11274

A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been...

SUSE CVE-2025-11275

A vulnerability was identified in Open Asset Import Library Assimp 6.0.2. Affected by this vulnerability is the function ODDLParser::getNextSeparator in the library assimp/contrib/openddlparser/include/openddlparser/OpenDDLParserUtils.h. Such manipulation leads to heap-based buffer overflow. The...

SUSE CVE-2025-11277

A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit...

SUSE CVE-2025-39935

In the Linux kernel, the following vulnerability has been resolved: ASoC: codec: sma1307: Fix memory corruption in sma1307settingloaded The sma1307-set.headersize is how many integers are in the header there are 8 of them but instead of allocating space of 8 integers we allocate 8 bytes. This lea...

SUSE CVE-2025-39942

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: verify remainingdatalength respects maxfragmentedrecvsize This is inspired by the check for dataoffset + datalength...

SUSE CVE-2025-39946

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

SUSE CVE-2025-39949

In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write past the end of the previously-kmalloc'ed dump...

SUSE CVE-2025-39950

In the Linux kernel, the following vulnerability has been resolved: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCPREPAIR A NULL pointer dereference can occur in tcpaofinishconnect during a connect system call on a socket with a TCP-AO key added and TCPREPAIR enabled. The...

SUSE CVE-2025-59728

When calculating the content path in handling of MPEG-DASH manifests, there's an out-of-bounds NUL-byte write one byte past the end of the buffer.When we call xmlNodeGetContent below 0, it returns a buffer precisely allocated to match the string length, using strdup internally. If this buffer is...

SUSE CVE-2025-59729

When parsing the header for a DHAV file, there's an integer underflow in offset calculation that leads to reading the duration from before the start of the allocated buffer. If we load a DHAV file that is larger than MAXDURATIONBUFFERSIZE bytes 0x100000 for example 0x101000 bytes, then at 0 we ha...

SUSE CVE-2025-59730

When decoding a frame for a SANM file ANIM v0 variant, the decoded data can be larger than the buffer allocated for it. Frames encoded with codec 48 can specify their resolution width x height. A buffer of appropriate size is allocated depending on the resolution. This codec can encode the frame...

SUSE CVE-2025-59731

When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rlerawsize from the input file at 0, we decompress and decode into the buffer td-rlerawdata of size rlerawsize a...

SUSE CVE-2025-59732

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at 0 and 1 will continue to write until the next multiple of 8. The buffer...

SUSE CVE-2025-59733

When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type and size, and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decodeheader. The...

SUSE CVE-2025-59734

It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be referenced by FTCH chunks. For files using subversion storedframe. Leaving ctx-hasdimensions set to false. A subsequent chunk with type FTCH...

SUSE CVE-2022-50470

In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or being removed then t...

SUSE CVE-2022-50472

In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context Tracepoints are not allowed to sleep, as such the following splat is generated due to call to ibquerypkey in atomic context. WARNING: CPU: 0 PID: 1888000 at...

SUSE CVE-2022-50473

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

SUSE CVE-2022-50474

In the Linux kernel, the following vulnerability has been resolved: macintosh: fix possible memory leak in macioaddonedevice Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically. It needs to be freed when ofdeviceregist...

SUSE CVE-2022-50475

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Make sure "ibport" is valid when access sysfs node The "ibport" structure must be set before adding the sysfs kobject, and reset after removing it, otherwise it may crash when accessing the sysfs node: Unable to handle...

SUSE CVE-2022-50478

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds/overflow in nilfssb2badoffset Patch series "nilfs2: fix UBSAN shift-out-of-bounds warnings on mount time". The first patch fixes a bug reported by syzbot, and the second one fixes the remaining bug...

SUSE CVE-2022-50479

In the Linux kernel, the following vulnerability has been resolved: drm/amd: fix potential memory leak This patch fix potential memory leak clksrc when function run into last return NULL. s/free/kfree/ - Alex...

SUSE CVE-2022-50480

In the Linux kernel, the following vulnerability has been resolved: memory: pl353-smc: Fix refcount leak bug in pl353smcprobe The break of foreachavailablechildofnode needs a corresponding ofnodeput when the reference 'child' is not used anymore. Here we do not need to call ofnodeput in fail path...

SUSE CVE-2022-50481

In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxlguestinitafu|adapter If deviceregister fails in cxlregisterafu|adapter, the device is not added, deviceunregister can not be called in the error path, otherwise it will cause a null-ptr-dere...

SUSE CVE-2022-50482

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clean up sidomain in the initdmars error path A splat from kmemcachedestroy was seen with a kernel prior to commit ee2653bbe89d "iommu/vt-d: Remove domain and devinfo mempool" when there was a failure in initdmars,...

SUSE CVE-2022-50483

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdpdoredirect failure Before enetccleanrxringxdp calls xdpdoredirect, each software BD in the RX ring between index origi and i can have one of 2 refcount values on its page. We are the owner of...

SUSE CVE-2022-50484

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential memory leaks When the driver hits -ENOMEM at allocating a URB or a buffer, it aborts and goes to the error path that releases the all previously allocated resources. However, when -ENOMEM hits at th...

SUSE CVE-2022-50488

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...

SUSE CVE-2022-50490

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In htabmaplookupanddeletebatch if htablockbucket returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elements in current bucket silently, but...

SUSE CVE-2022-50491

In the Linux kernel, the following vulnerability has been resolved: coresight: cti: Fix hang in ctidisablehw ctienablehw and ctidisablehw are called from an atomic context so shouldn't use runtime PM because it can result in a sleep when communicating with firmware. Since commit 3c6656337852...

SUSE CVE-2022-50492

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down e.g. after a second late...

SUSE CVE-2022-50493

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xxprocessresponsequeue+0x42a/0x970 qla2xxx qla2x00startnvmemq+0x3a2/0x4b0 qla2xxx...

SUSE CVE-2022-50495

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50496

In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy Dmcache also has the same UAF problem when dmresume and dmdestroy are concurrent. Therefore, cancelling timer again in destroy...