SUSE CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

SUSE CVE-2021-4460

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning If getnumsdmaqueues or getnumxgmisdmaqueues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand. This behaviour is...

SUSE CVE-2022-50420

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/hpre - fix resource leak in remove process In hpreremove, when the disable operation of qm sriov failed, the following logic should continue to be executed to release the remaining resources that have been...

SUSE CVE-2022-50421

In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Avoid double destroy of default endpoint The rpmsgdevremove in rpmsgcore is the place for releasing this default endpoint. So need to avoid destroying the default endpoint in rpmsgchrdeveptdevdestroy, this should be...

SUSE CVE-2022-50422

In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the smpexecutetasksg calls deltimer to delete "slowtask-timer". However, if the timer handler sastaskinternaltimedout is running, the deltim...

SUSE CVE-2022-50423

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpiutcopyipackagetoipackage There is an use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpiutremovereference+0x3b/0x82 Read of size 1 at addr ffff888112afc460 by task modprobe/2111...

SUSE CVE-2022-50424

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: resource leaks at mt7921checkoffloadcapability Fixed coverity issue with resource leaks at variable "fw" going out of scope leaks the storage it points to mt7921checkoffloadcapability. Addresses-Coverity-ID:...

SUSE CVE-2022-50425

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix copyxstatetouabi to copy init states correctly When an extended state component is not present in fpstate, but in init state, the function copies from initfpstate via copyfeature. But, dynamic states are not present ...

SUSE CVE-2022-50426

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imxdsprproc: Add mutex protection for workqueue The workqueue may execute late even after remoteproc is stopped or stopping, some resources rpmsg device and endpoint have been released in rprocstopsubdevices, then...

SUSE CVE-2022-50427

In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix possible memory leak in sndac97devregister If deviceregister fails in sndac97devregister, it should call putdevice to give up reference, or the name allocated in devsetname is leaked...

SUSE CVE-2022-50428

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...

SUSE CVE-2022-50429

In the Linux kernel, the following vulnerability has been resolved: memory: of: Fix refcount leak bug in oflpddr3getddrtimings We should add the ofnodeput when breaking out of foreachchildofnode as it will automatically increase and decrease the refcount...

SUSE CVE-2022-50430

In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix warning - do not call blocking ops when !TASKRUNNING vub300enablesdioirq works with mutex and need TASKRUNNING here. Ensure that we mark current as TASKRUNNING for sleepable context. 77.554641 do not call blockin...

SUSE CVE-2022-50431

In the Linux kernel, the following vulnerability has been resolved: ALSA: aoa: i2sbus: fix possible memory leak in i2sbusadddev devsetname in soundbusaddone allocates memory for name, it need be freed when ofdeviceregister fails, call soundbusdevput to give up the reference that hold in...

SUSE CVE-2022-50432

In the Linux kernel, the following vulnerability has been resolved: kernfs: fix use-after-free in kernfsremove Syzkaller managed to trigger concurrent calls to kernfsremovebynamens for the same file resulting in a KASAN detected use-after-free. The race occurs when the root node is freed during...

SUSE CVE-2022-50434

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix possible memleak when register 'hctx' failed There's issue as follows when do fault injection test: unreferenced object 0xffff888132a9f400 size 512: comm "insmod", pid 308021, jiffies 4324277909 age 509.733s hex dump...

SUSE CVE-2022-50435

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4STATEMAYINLINEDATA flag. Thus when inode gets truncated later to say 1 byte and...

SUSE CVE-2022-50437

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight bridges. Patchwork:...

SUSE CVE-2022-50438

In the Linux kernel, the following vulnerability has been resolved: net: hinic: fix memory leak when reading function table When the input parameter idx meets the expected case option in hinicdbggetfunctable, readdata is not released. Fix it...

SUSE CVE-2022-50439

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come straight from reset, we might receive an IRQ before we are ready to handle it. 2.334737 Unable to handle kernel read from unreadable memory at...

SUSE CVE-2022-50442

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validate buffer length while parsing index indxread is called when we have some NTFS directory operations that need more information from the index buffers. This adds a sanity check to make sure the returned index buffe...

SUSE CVE-2022-50443

In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. We fix it by replacing it with the...

SUSE CVE-2022-50444

In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak in tegra20clockinit offindmatchingnode returns a node pointer with refcount incremented, we should use ofnodeput on it when not need anymore. Add missing ofnodeput to avoid refcount leak...

SUSE CVE-2022-50445

In the Linux kernel, the following vulnerability has been resolved: xfrm: Reinject transport-mode packets through workqueue The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: soft lockup - CPU0 stuck for 22s!...

SUSE CVE-2022-50446

In the Linux kernel, the following vulnerability has been resolved: ARC: mm: fix leakage of memory allocated for PTE Since commit d9820ff "ARC: mm: switch pgtablet back to struct page " a memory leakage problem occurs. Memory allocated for page table entries not released during process terminatio...

SUSE CVE-2022-50447

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciconn: Fix crash on hcicreatecissync When attempting to connect multiple ISO sockets without using DEFERSETUP may result in the following crash: BUG: KASAN: null-ptr-deref in hcicreatecissync+0x18b/0x2b0 Read of size...

SUSE CVE-2022-50448

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix warning without PTEMARKERUFFDWP compiled in When PTEMARKERUFFDWP not configured, it's still possible to reach pte marker code and trigger an warning. Add a few CONFIGPTEMARKERUFFDWP ifdefs to make sure the code won't...

SUSE CVE-2022-50449

In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in samsungclkregisterpll If clkregister fails, @pll-ratetable may have allocated memory by kmemdup, so it needs to be freed, otherwise will cause memory leak issue, this patch fixes it...

SUSE CVE-2022-50450

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50452

In the Linux kernel, the following vulnerability has been resolved: net: sched: cake: fix null pointer access issue when cakeinit fails When the default qdisc is cake, if the qdisc of devqueue fails to be inited during mqprioinit, cakereset is invoked to clear resources. In this case, the tins is...

SUSE CVE-2022-50453

In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO character device's...

SUSE CVE-2022-50455

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2022-50456

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an inline extent followed by a regular or prealloc extent, then a legitimate attempt to resolve a logical address in the non-inline region...

SUSE CVE-2022-50457

In the Linux kernel, the following vulnerability has been resolved: mtd: core: Fix refcount error in delmtddevice delmtddevice will call ofnodeput to mtdgetofnodemtd, which is mtd-dev.ofnode. However, memset&mtd-dev, 0 is called before ofnodeput. As the result, ofnodeput won't do anything in...

SUSE CVE-2022-50459

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling getpeername Fix a NULL pointer crash that occurs when we are freeing the socket at the same time we access it via sysfs. The problem is that: 1. iscsiswtcpconngetparam and...

SUSE CVE-2022-50460

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifsflock If not flock, before return -ENOLCK, should free the xid, otherwise, the xid will be leaked...

SUSE CVE-2022-50461

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix PM runtime leakage in am65cpswnussndoslaveopen Ensure pmruntimeput is issued in error path...

SUSE CVE-2022-50462

In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 "driver core: get rid of struct device's busid string array", the name of device is allocated dynamically, it need be freed when module exiting,...

SUSE CVE-2022-50463

In the Linux kernel, the following vulnerability has been resolved: powerpc/52xx: Fix a resource leak in an error handling path The error handling path of mpc52xxlpbfifoprobe has a requestirq that is not balanced by a corresponding freeirq. Add the missing call, as already done in the remove...

SUSE CVE-2022-50465

In the Linux kernel, the following vulnerability has been resolved: ext4: fix leaking uninitialized memory in fast-commit journal When space at the end of fast-commit journal blocks is unused, make sure to zero it out so that uninitialized memory is not leaked to disk...

SUSE CVE-2022-50466

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: Fix memory leak in loadelfbinary There is a memory leak reported by kmemleak: unreferenced object 0xffff88817104ef80 size 224: comm "xfsadmin", pid 47165, jiffies 4298708825 age 1333.476s hex dump first 32 bytes: 00...

SUSE CVE-2022-50467

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null ndlp ptr dereference in abnormal exit path for GFTID An error case exit from lpfccmplctcmdgftid results in a call to lpfcnlpput with a null pointer to a nodelist structure. Changed lpfccmplctcmdgftid to...

SUSE CVE-2022-50469

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix potential memory leak in rtwinitdrvsw In rtwinitdrvsw, there are various init functions are called to populate the padapter structure and some checks for their return value. However, except for the first o...

SUSE CVE-2023-53448

In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded releasememregion Remove unnecessary releasememregion from the error path to prevent mem region from being released twice, which could avoid resource leak or other unexpected issues...

SUSE CVE-2023-53449

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasdeckdinit dasdreservereq is allocated before dasdvolinforeq, and it also needs to be freed before the error returns, just like the other cases in this function...

SUSE CVE-2023-53451

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'curdsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer...

SUSE CVE-2023-53452

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napiinit and napienable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that will enable NAPI. Then...

SUSE CVE-2023-53453

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 size 512: comm "systemd-udevd", pid 326, jiffies 4294682822 age 716.338s hex dump first 3...

SUSE CVE-2023-53454

In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput inputdev name Reference the HID device rather than the input device for the devm allocation of the inputdev name. Referencing the inputdev would lead to a use-after-free...

SUSE CVE-2023-53455

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: drop all currently held locks if deadlock happens If vc4hdmiresetlink returns -EDEADLK, it means that a deadlock happened in the locking context. This situation should be addressed by dropping all currently held locks an...