59855 matches found
SUSE CVE-2025-40174
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switchmmirqsoff Stephen noted that it is possible to not have an smpmb between the loadedmm store and the tlbgen load in switchmm, meaning the ordering against flushtlbmmrange goes out the window, and ...
SUSE CVE-2025-40175
In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skbget. It increases the reference counter for that SKB to prevent unexpected freeing by another...
SUSE CVE-2025-40176
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tlsstrpmsghold fails Async decryption calls tlsstrpmsghold to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...
SUSE CVE-2025-40177
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be receiving data. Therefore all the resources needed to process that data need to be setup prior to...
SUSE CVE-2025-40178
In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pidnrns taskpidnrns ns = taskactivepidnscurrent; pidnrnsrcudereferencetaskpidptrtask, type, ns; if pid && ns-level level Sometimes null is returned for taskactivepidns. Then it will trigger kern...
SUSE CVE-2025-40179
In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with absurdly large orphan...
SUSE CVE-2025-40180
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop The cleanup loop was starting at the wrong array index, causing out-of-bounds access. Start the loop at the correct index for zero-indexed arrays to prevent...
SUSE CVE-2025-40181
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the legacy PCI hole, i.e. memory between Top of Lower Usable DRAM and 4GiB, to be mapped as UC via a forc...
SUSE CVE-2025-40182
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d "crypto: api - Add reqsize to cryptoalg" introduced crareqsize field in cryptoalg struct to replace type specific reqsize fields. It looks like this was introduced...
SUSE CVE-2025-40183
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadatadst leak bpfredirectneighv4,6 Cilium has a BPF egress gateway feature which forces outgoing K8s Pod traffic to pass through dedicated egress gateways which then SNAT the traffic in order to interact with stable I...
SUSE CVE-2025-40184
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
SUSE CVE-2025-40185
In the Linux kernel, the following vulnerability has been resolved: ice: iceadapter: release xa entry on adapter allocation failure When iceadapternew fails, the reserved XArray entry created by xainsert is not released. This causes subsequent insertions at the same index to return -EBUSY,...
SUSE CVE-2025-40186
In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqskfastopenremove in tcpconnrequest. syzbot reported the splat below in tcpconnrequest. 0 If a listener is closed while a TFO socket is being processed in tcpconnrequest, inetcskreqskqueueadd does not set reqsk-...
SUSE CVE-2025-40188
In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLINPWMEN rather than BERLINPWMENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kernel panic during...
SUSE CVE-2025-40189
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error-ETIMEDOUT in lan78xxreadraweeprom Syzbot reported read of uninitialized variable BUG with following call stack. lan78xx 8-1:1.0 unnamed netdevice uninitialized: EEPROM read...
SUSE CVE-2025-40191
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfdlookupprocessbypid hold the kfd process reference to ensure it doesn't get destroyed while sending the segfault event to user space. Calling kfdlookupprocessbypid ...
SUSE CVE-2025-40194
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intelpstate: Fix object lifecycle issue in updateqosrequest The cpufreqcpuput call in updateqosrequest takes place too early because the latter subsequently calls freqqosupdaterequest that indirectly accesses the policy...
SUSE CVE-2025-40197
In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released...
SUSE CVE-2025-40198
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parseapplysbmountoptions Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure smountopts is NUL terminated. Harden parseapplysbmountoptions by treating smountopts ...
SUSE CVE-2025-40199
In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix PPMAGICMASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PPMAGICMASK let to crashes on boot on his 32-bit parisc machine. The cause of this is the mask is set too wide, so the...
SUSE CVE-2025-40200
In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfsreadinode Syskaller reports a "WARNING in ovlcopyupfile" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system returns a file with a negative...
SUSE CVE-2025-40201
In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of tasklocktsk-groupleader in sysprlimit64 paths The usage of tasklocktsk-groupleader in sysprlimit64-doprlimit path is very broken. sysprlimit64 does gettaskstructtsk but this only protects...
SUSE CVE-2025-40202
In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more in the receive messag...
SUSE CVE-2025-40203
In the Linux kernel, the following vulnerability has been resolved: listmount: don't call pathput under namespace semaphore Massage listmount and make sure we don't call pathput under the namespace semaphore. If we put the last reference we're fscked...
SUSE CVE-2025-40204
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
SUSE CVE-2025-40205
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfsencodefh The function btrfsencodefh does not properly account for the three cases it handles. Before writing to the file handle fh, the function only returns to the user...
SUSE CVE-2025-40206
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftobjref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit at 000000008bda5b8c...
SUSE CVE-2025-40207
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2subdevcallstatetry v4l2subdevcallstatetry macro allocates a subdev state with v4l2subdevstatealloc, but does not check the returned value. If v4l2subdevstatealloc fails, it retur...
SUSE CVE-2025-40208
In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec: Direct firmware load for qcom/vpu/vpu33p4.mbn failed with error -2 qcom-iris aa00000.video-codec:...
SUSE CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
SUSE CVE-2025-12748
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...
SUSE CVE-2025-13012
Race condition in the Graphics component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13013
Mitigation bypass in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13014
Use-after-free in the Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Firefox ESR 115.30, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13015
Spoofing issue in Firefox. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, and Firefox ESR 115.30...
SUSE CVE-2025-13016
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13017
Same-origin policy bypass in the DOM: Notifications component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13018
Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13019
Same-origin policy bypass in the DOM: Workers component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13020
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5...
SUSE CVE-2025-13021
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13022
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13023
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13024
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13025
Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13026
Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13027
Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145...
SUSE CVE-2025-13042
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2025-40110
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmwcmdrescheck allows explicit invalid SVGA3DINVALIDID...
SUSE CVE-2025-40111
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmwexecbufprocess. All nodes are expected to be cleared in...