SUSE CVE-2023-53584

In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifsreleasepage: Remove ubifsassert0 to valid this process There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifsreleasepage which means there exist...

SUSE CVE-2023-53585

In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpfskassign The semantics for bpfskassign are as follows: sk = somelookupfunc bpfskassignskb, sk bpfskreleasesk That is, the sk is not consumed by bpfskassign. The function therefore needs to make...

SUSE CVE-2023-53586

In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUNRESET handling This fixes a bug where an initiator thinks a LUNRESET has cleaned up running commands when it hasn't. The bug was added in commit 51ec502a3266 "target: Delete tmr from list before...

SUSE CVE-2023-53587

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible maybe not in a real system, but it did happen in ARCH=um with time-travel to destroy the...

SUSE CVE-2023-53588

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing when the AP isn't eve...

SUSE CVE-2023-53589

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware nchannels If the firmware sends us a corrupted MCC response with nchannels much larger than the command response can be, we might copy far too much uninitialized memory and even crash if t...

SUSE CVE-2023-53590

In the Linux kernel, the following vulnerability has been resolved: sctp: add a refcnt in sctpstreampriorities to avoid a nested loop With this refcnt added in sctpstreampriorities, we don't need to traverse all streams to check if the prio is used by other streams when freeing one stream's prio ...

SUSE CVE-2023-53591

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock0 when peer flows are created while holding the devcom rw semaphore. Due to peer flows offload implementation the lock is taken much higher up the ca...

SUSE CVE-2023-53592

In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifivegpioprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2023-53593

In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifsreadpageworker is called, the call contract is that the callee should unlock the page. This is documented in the readfolio section of...

SUSE CVE-2023-53594

In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in deviceadd When calling kobjectadd failed in deviceadd, it will call cleanupgluedir to free resource. But in kobjectadd, dev-kobj.parent has been set to NULL. This will cause resource leak. The...

SUSE CVE-2023-53595

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: mcs: Fix NULL pointer dereferences When system is rebooted after creating macsec interface below NULL pointer dereference crashes occurred. This patch fixes those crashes by using correct order of teardown 3324.4069...

SUSE CVE-2023-53596

In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devresreleaseall only gets called if the device has a bus and has been probed. This leads to issues when using bus-less or driver-less devices...

SUSE CVE-2023-53597

In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection. But we do not return the mi...

SUSE CVE-2023-53598

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range check CHDBOFF and ERDBOFF If the value read from the CHDBOFF and ERDBOFF registers is outside the range of the MHI register space then an invalid address might be computed which later causes a kernel panic...

SUSE CVE-2023-53599

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Fix missing initialisation affecting gcm-aes-s390 Fix afalgallocareq to initialise areq-firstrsgl.sgl.sgt.sgl to point to the scatterlist array in areq-firstrsgl.sgl.sgl. Without this, the gcm-aes-s390 driver will...

SUSE CVE-2023-53600

In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ipcomputecsum+0x134/0x220 Read of size 4 at addr ffff88811c50db00 by...

SUSE CVE-2023-53601

In the Linux kernel, the following vulnerability has been resolved: bonding: do not assume skb macheader is set Drivers must not assume in their ndostartxmit that skbs have their macheader set. skb-data is all what is needed. bonding seems to be one of the last offender as caught by syzbot:...

SUSE CVE-2023-53602

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod. Fix it by calling ath11kfwstatsfree function before hardware unregister. While at i...

SUSE CVE-2023-53604

In the Linux kernel, the following vulnerability has been resolved: dm integrity: call kmemcachedestroy in dmintegrityinit error path Otherwise the journaliocache will leak if dmregistertarget fails...

SUSE CVE-2023-53605

In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dcconstructctx function...

SUSE CVE-2023-53606

In the Linux kernel, the following vulnerability has been resolved: nfsd: clean up potential nfsdfile refcount leaks in COPY codepath There are two different flavors of the nfsd4copy struct. One is embedded in the compound and is used directly in synchronous copies. The other is dynamically...

SUSE CVE-2023-53607

In the Linux kernel, the following vulnerability has been resolved: ALSA: ymfpci: Fix BUGON in probe function The snddmabuffer.bytes field now contains the aligned size, which this sndBUGON did not account for, resulting in the following: 9.625915 ------------ cut here ------------ 9.633440...

SUSE CVE-2023-53609

In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: core: Do not increase scsidevice's iorequestcnt if dispatch failed" The "atomicinc&cmd-device-iorequestcnt" in scsiqueuerq would cause kernel panic because cmd-device may be freed after returning from...

SUSE CVE-2023-53610

In the Linux kernel, the following vulnerability has been resolved: irqchip: Fix refcount leak in platformirqchipprobe ofirqfindparent returns a node pointer with refcount incremented, We should use ofnodeput on it when not needed anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2023-53611

In the Linux kernel, the following vulnerability has been resolved: ipmisi: fix a memleak in trysmiinit Kmemleak reported the following leak info in trysmiinit: unreferenced object 0xffff00018ecf9400 size 1024: comm "modprobe", pid 2707763, jiffies 4300851415 age 773.308s backtrace:...

SUSE CVE-2023-53612

In the Linux kernel, the following vulnerability has been resolved: hwmon: coretemp Simplify platform device handling Coretemp's platform driver is unconventional. All the real work is done globally by the initcall and CPU hotplug notifiers, while the "driver" effectively just wraps an allocation...

SUSE CVE-2023-53613

In the Linux kernel, the following vulnerability has been resolved: dax: Fix daxmappingrelease use after free A CONFIGDEBUGKOBJECTRELEASE test of removing a device-dax region provider like modprobe -r daxhmem yields: kobject: 'mapping0' ffff93eb460e8800: kobjectrelease, parent 0000000000000000...

SUSE CVE-2023-53614

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mmstruct teardown exitmmap will tear down the VMAs and maple tree with the mmaplock held in write mode. Ensure that the maple tree is still valid by checking ksmtestexit after taking the...

SUSE CVE-2023-53615

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trac...

SUSE CVE-2023-53616

In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFSIPipimap-iimap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slabfree mm/slub.c:3661 inline BUG: KASAN: double-free in kmemcachefree+0x71/0x110 mm/slub.c:3674 Free ...

SUSE CVE-2025-10728

When the module renders a Svg file that contains a element, it might end up rendering it recursively leading to stack overflow DoS...

SUSE CVE-2025-10729

The module will parse a node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free...

SUSE CVE-2025-39929

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirectrecvio leak in smbdnegotiate error path During tests of another unrelated patch I was able to trigger this error: Objects remaining on kmemcacheshutdown...

SUSE CVE-2025-39931

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Set merge to zero early in afalgsendmsg If an error causes afalgsendmsg to abort, ctx-merge may contain a garbage value from the previous loop. This may then trigger a crash on the next entry into afalgsendmsg whe...

SUSE CVE-2025-39932

In the Linux kernel, the following vulnerability has been resolved: smb: client: let smbddestroy call disableworksync&info-postsendcreditswork In smbddestroy we may destroy the memory so we better wait until postsendcreditswork is no longer pending and will never be started again. I actually just...

SUSE CVE-2025-39933

In the Linux kernel, the following vulnerability has been resolved: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength This is inspired by the related server fixes...

SUSE CVE-2025-39934

In the Linux kernel, the following vulnerability has been resolved: drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ If the interrupt occurs before resource initialization is complete, the interrupt handler/worker may access uninitialized data such as the I2C tcpcclient device,...

SUSE CVE-2025-39936

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Always pass in an error pointer to sevplatformshutdownlocked When 9770b428b1a2 "crypto: ccp - Move devinfo/err messages for SEV/SNP init and shutdown" moved the error messages dumping so that they don't need to be...

SUSE CVE-2025-39937

In the Linux kernel, the following vulnerability has been resolved: net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer Since commit 7d5e9737efda "net: rfkill: gpio: get the name and type from device property" rfkillfindtype gets called with the possibly uninitialized "const...

SUSE CVE-2025-39938

In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed If earlier opening of source graph fails e.g. ADSP rejects due to incorrect audioreach topology, the graph is closed and "daidata-graphdai-id" is...

SUSE CVE-2025-39939

In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Fix memory corruption when using identity domain zpcigetiommuctrs returns counter information to be reported as part of device statistics; these counters are stored as part of the s390domain. The problem, however, is...

SUSE CVE-2025-39940

In the Linux kernel, the following vulnerability has been resolved: dm-stripe: fix a possible integer overflow There's a possible integer overflow in stripeiohints if we have too large chunk size. Test if the overflow happened, and if it did, don't set limits-iomin and limits-ioopt;...

SUSE CVE-2025-39941

In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 CPU1 zramslotlock zsfreehandle zramslotlock zramslotlock...

SUSE CVE-2025-39943

In the Linux kernel, the following vulnerability has been resolved: ksmbd: smbdirect: validate dataoffset and datalength field of smbdirectdatatransfer If dataoffset and datalength of smbdirectdatatransfer struct are invalid, out of bounds issue could happen. This patch validate dataoffset and...

SUSE CVE-2025-39944

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix use-after-free bugs in otx2synctstamp The original code relies on canceldelayedwork in otx2ptpdestroy, which does not ensure that the delayed work item synctstampwork has fully completed if it was already runnin...

SUSE CVE-2025-39945

In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnicdeletetask The original code uses canceldelayedwork in cniccmstopbnx2xhw, which does not guarantee that the delayed work item 'deletetask' has fully completed if it was already running...

SUSE CVE-2025-39947

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Harden uplink netdev access against device unbind The function mlx5uplinknetdevget gets the uplink netdevice pointer from mdev-mlx5eres.uplinknetdev. However, the netdevice can be removed and its pointer cleared when...

SUSE CVE-2025-39948

In the Linux kernel, the following vulnerability has been resolved: ice: fix Rx page leak on multi-buffer frames The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was introduced as part of handling multi-buffer XDP support in the ice driver...

SUSE CVE-2025-39951

In the Linux kernel, the following vulnerability has been resolved: um: virtiouml: Fix use-after-free after putdevice in probe When registervirtiodevice fails in virtioumlprobe, the code sets vudev-registered = 1 even though the device was not successfully registered. This can lead to...