58583 matches found
SUSE CVE-2025-39890
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix memory leak in ath12kservicereadyextevent Currently, in ath12kservicereadyextevent, svcrdyext.macphycaps is not freed in the failure case, causing a memory leak. The following trace is observed in kmemleak:...
SUSE CVE-2025-43272
The issue was addressed with improved memory handling. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...
SUSE CVE-2025-43342
A correctness issue was addressed with improved checks. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. Processing maliciously crafted web content may lead to an unexpected process crash...
SUSE CVE-2025-43356
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26, iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A website may be able to access sensor information without user consent...
SUSE CVE-2025-43368
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, iOS 26 and iPadOS 26, macOS Tahoe 26. Processing maliciously crafted web content may lead to an unexpected Safari crash...
SUSE CVE-2025-51005
A heap-buffer-overflow vulnerability exists in the tcpliveplay utility of the tcpreplay-4.5.1. When a crafted pcap file is processed, the program incorrectly handles memory in the checksum calculation logic at dochecksummathliveplay in tcpliveplay.c, leading to a possible denial of service...
SUSE CVE-2025-55780
A null pointer dereference occurs in the function breakwordforoverflowwrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fzhtmlsplitflow to split a FLOWWORD node, but does not check if node-next is valid before accessing node-next-overflowwrap, resulti...
SUSE CVE-2022-50409
In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's skwq in skstreamwaitmemory Fixes the below NULL pointer dereference: ... 14.471200 Call Trace: 14.471562 14.471882 lockacquire+0x245/0x2e0 14.472416 ? removewaitqueue+0x12/0x50 14.473014 ?...
SUSE CVE-2023-53166
In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25890: Fix externalpowerchanged race bq25890chargerexternalpowerchanged dereferences bq-charger, which gets sets in bq25890powersupplyinit like this: bq-charger = devmpowersupplyregisterbq-dev, &bq-desc, &psycfg;...
SUSE CVE-2023-53416
In the Linux kernel, the following vulnerability has been resolved: USB: isp1362: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove instead...
SUSE CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controll...
SUSE CVE-2025-39867
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...
SUSE CVE-2025-39868
In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncatefoliobatchexceptionals Commit 0e2f80afcfa6"fs/dax: ensure all pages are idle prior to filesystem unmount" introduced the WARNONONCE to capture whether the filesystem has removed all DAX entri...
SUSE CVE-2025-39869
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queueprioritymap Fix a critical memory allocation bug in edmasetupfromhw where queueprioritymap was allocated with insufficient memory. The code declared queueprioritymap as s8 ...
SUSE CVE-2025-39870
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxdsetupwqs The clean up in idxdsetupwqs has had a couple bugs because the error handling is a bit subtle. It's simpler to just re-write it in a cleaner way. The issues here are: 1 If...
SUSE CVE-2025-39871
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Remove improper idxdfree The call to idxdfree introduces a duplicate putdevice leading to a reference count underflow: refcountt: underflow; use-after-free. WARNING: CPU: 15 PID: 4428 at lib/refcount.c:28...
SUSE CVE-2025-39872
In the Linux kernel, the following vulnerability has been resolved: hsr: hold rcu and dev lock for hsrgetportndev hsrgetportndev calls hsrforeachport, which need to hold rcu lock. On the other hand, before return the port device, we need to hold the device reference to avoid UaF in the caller...
SUSE CVE-2025-39873
In the Linux kernel, the following vulnerability has been resolved: can: xilinxcan: xcanwriteframe: fix use-after-free of transmitted SKB canputechoskb takes ownership of the SKB and it may be freed during or after the call. However, xilinxcan xcanwriteframe keeps using SKB after the call. Fix th...
SUSE CVE-2025-39874
In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTMNEWLINK Syzkaller managed to lock the lower device via ETHTOOLSFEATURES: netdevlock include/linux/netdevice.h:2761 inline netdevlockops include/net/netdevlock.h:42 inline netdevsynclowerfeatures...
SUSE CVE-2025-39876
In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fecenetphyresetafterclkenable The function ofphyfinddevice may return NULL, so we need to take care before dereferencing phydev...
SUSE CVE-2025-39877
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in stateshow stateshow reads kdamond-damonctx without holding damonsysfslock. This allows a use-after-free race: CPU 0 CPU 1 ----- ----- stateshow damonsysfsturndamonon ctx = kdamond-damonctx;...
SUSE CVE-2025-39878
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscryptencryptpagecacheblocks error The function movedirtyfolioinpagearray was created by commit ce80b76dd327 "ceph: introduce cephprocessfoliobatch method" by moving code from cephwritepagesstart to this...
SUSE CVE-2025-39879
In the Linux kernel, the following vulnerability has been resolved: ceph: always call cephshiftunusedfoliosleft The function cephprocessfoliobatch sets foliobatch entries to NULL, which is an illegal state. Before foliobatchrelease crashes due to this API violation, the function...
SUSE CVE-2025-39880
In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to con-v1 union member without checking that the union member is active i.e...
SUSE CVE-2025-39881
In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free UAF vulnerability was identified in the PSI Pressure Stall Information monitoring mechanism: BUG: KASAN: slab-use-after-free in psitriggerpoll+0x3c/0x140 Read...
SUSE CVE-2025-39883
In the Linux kernel, the following vulnerability has been resolved: mm/memory-failure: fix VMBUGONPAGEPagePoisonedpage when unpoison memory When I did memory failure tests, below panic occurs: page dumped because: VMBUGONPAGEPagePoisonedpage kernel BUG at include/linux/page-flags.h:616! Oops:...
SUSE CVE-2025-39885
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FSIOCFIEMAP of the extent list on a specially crafted mmap file. contextswitch kernel/sched/core.c:5357 inline...
SUSE CVE-2025-39886
In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allowspinning=false path in bpftimerinit Currently, calling bpfmapkmallocnode from bpfasyncinit can cause various locking issues; see the following stack trace edited for style as one example: ... 10.011566...
SUSE CVE-2025-39887
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmapparselist A crash was observed with the following output: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops: Oops: 0000 1 SMP NOPTI CPU: 2 UID: 0 PID: 92 Comm:...
SUSE CVE-2025-51006
Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dltlinuxsll2cleanup function in plugins/dltlinuxsll2/linuxsll2.c. This vulnerability is triggered when tcpeditdltcleanup indirectly invokes the cleanup routine multiple times on the same memory region. By...
SUSE CVE-2025-59432
SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...
SUSE CVE-2025-59798
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfwritecmap in devices/vector/gdevpdtw.c...
SUSE CVE-2025-59799
Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmarkcoercedest in devices/vector/gdevpdfm.c via a large size value...
SUSE CVE-2025-59800
In Artifex Ghostscript through 10.05.1, ocrbeginpage in devices/gdevpdfocr.c has an integer overflow that leads to a heap-based buffer overflow in ocrline8...
SUSE CVE-2021-47209
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfsrq's Kevin is reporting crashes which point to a use-after-free of a cfsrq in updateblockedaverages. Initial debugging revealed that we've live cfsrq's onlist=1 in an about t...
SUSE CVE-2022-50240
In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the mmaplock for later use. This is unsafe and there are a number of failure paths after the recorded VMA pointer may be freed during...
SUSE CVE-2022-50284
In the Linux kernel, the following vulnerability has been resolved: ipc: fix memory leak in initmqueuefs When setupmqsysctls failed in initmqueuefs, mqueueinodecachep is not released. In order to fix this issue, the release path is reordered...
SUSE CVE-2022-50296
In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK When CONFIGCPUMASKOFFSTACK and CONFIGDEBUGPERCPUMAPS is selected, cpumaxbitswarn generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...
SUSE CVE-2022-50297
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: verify the expected usbendpoints are present The bug arises when a USB device claims to be an ATH9K but doesn't have the expected endpoints. In this case there was an interrupt endpoint where the driver expected a bu...
SUSE CVE-2022-50373
In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queuework in dlmlowcommscommitmsg and srcureadunlock. The queuework can take the final reference of a dlmmsg and so msg-idx can contain garbage which is signaled by th...
SUSE CVE-2022-50388
In the Linux kernel, the following vulnerability has been resolved: nvme: fix multipath crash caused by flush request when blktrace is enabled The flush request initialized by blkkickflush has NULL bio, and it may be dealt with nvmeendreq during io completion. When blktrace is enabled,...
SUSE CVE-2023-33953
gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the following DOS attacks: - Unbounded memory buffering in the HPACK parser - Unbounded CPU consumption ...
SUSE CVE-2023-35927
NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until...
SUSE CVE-2023-35928
Nextcloud Server is a space for data storage on Nextcloud, a self-hosted productivity playform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 19.0.0 until 19.0.13.9, 20.0.0 until 20.0.14.14, 21.0.0 until 21.0.9.12, 22.0.0 until...
SUSE CVE-2023-53220
In the Linux kernel, the following vulnerability has been resolved: media: az6007: Fix null-ptr-deref in az6007i2cxfer In az6007i2cxfer, msg is controlled by user. When msgi.buf is null and msgi.len is zero, former checks on msgi.buf would be passed. Malicious data finally reach az6007i2cxfer. If...
SUSE CVE-2023-53329
In the Linux kernel, the following vulnerability has been resolved: workqueue: fix data race with the pwq-stats increment KCSAN has discovered a data race in kernel/workqueue.c:2598: 1863.554079 ================================================================== 1863.554118 BUG: KCSAN: data-race i...
SUSE CVE-2023-53346
In the Linux kernel, the following vulnerability has been resolved: kernel/failfunction: fix memory leak with using debugfslookup When calling debugfslookup the result must have dput called on it, otherwise the memory will leak over time. To make things simpler, just call debugfslookupandremove...
SUSE CVE-2023-53387
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix device management cmd timeout flow In the UFS error handling flow, the host will send a device management cmd NOP OUT to the device for link recovery. If this cmd times out and clearing the doorbell fails,...
SUSE CVE-2023-53425
In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. This fixes this smatch warning: drivers/media/platform/mediatek/vpu/mtkvpu.c:570 vpuloadfirmware warn: address of NULL point...
SUSE CVE-2024-42268
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix missing lock on sync reset reload On sync reset reload work, when remote host updates devlink on reload actions performed on that host, it misses taking devlink lock before calling devlinkremotereloadactionsperforme...