
59189 matches found

SUSE CVE
•added 2026/06/10 2:25 a.m.•10 views

SUSE CVE-2026-49762

Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory exhaustion. The version parser converts numeric version components major, minor, patch and numeric...

CVSS 5.1 | AI score 5.5 | EPSS 0.00152
Exploits: 0 | References: 3

•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-52904

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkmdevice leak on aperture removal failure When apertureremoveconflictingpcidevices fails during probe, the error path returns directly without unwinding the nvkmdevice that was just allocated by nvkmdevicepcine...

CVSS 2.3 | AI score 5.4 | EPSS 0.00156
Exploits: 0 | References: 3

•added 2026/06/10 2:25 a.m.•7 views

SUSE CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

CVSS 4.4 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 3

•added 2026/06/10 2:25 a.m.•7 views

SUSE CVE-2026-52906

In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb "9p: convert to the new mount API", v9fsapplyoptions applies parsed mount flags with |= onto flags already set by v9fssessioninit. For 9P2000.L,...

CVSS 4.2 | AI score 5.4 | EPSS 0.00121
Exploits: 0 | References: 3

•added 2026/06/10 2:25 a.m.•9 views

SUSE CVE-2026-52907

In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from vs = to avoid accessing one element beyond the end of the arrays. While at it, use ARRAYSIZE instead of the MAX enum values. fix cosmetic issues...

CVSS 5.3 | AI score 5.4 | EPSS 0.00112
Exploits: 0 | References: 3

•added 2026/06/09 2:28 a.m.•9 views

SUSE CVE-2025-71315

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...

AI score 5.5 | EPSS 0.00162
Exploits: 0 | References: 3

•added 2026/06/09 2:27 a.m.•12 views

SUSE CVE-2026-10725

Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory the "HTTP/2 bomb". The headersdecode method materialises a full key+value copy per indexe...

CVSS 7.5 | AI score 5.7 | EPSS 0.00414
Exploits: 0 | References: 4

•added 2026/06/09 2:27 a.m.•13 views

SUSE CVE-2026-10879

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...

CVSS 5.5 | AI score 5.7 | EPSS 0.00413
Exploits: 0 | References: 3

•added 2026/06/09 2:25 a.m.•9 views

SUSE CVE-2026-11487

A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argument path can lead to command injection. It is possible to launch the attack on the local host. The...

CVSS 5.3 | AI score 5.3 | EPSS 0.00923
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•9 views

SUSE CVE-2026-44942

A path traversal in handling the "path" component of .repo files processed by libzypp before 17.38.13 in the 17.x series, or before 16.22.19 could be used by attackers to fill directories on the system outside of the zypp cache with content...

CVSS 6.5 | AI score 5.8 | EPSS 0.00329
Exploits: 0 | References: 12

•added 2026/06/09 2:21 a.m.•15 views

SUSE CVE-2026-46274

In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in iowqremovepending iowqremovepending needs to fix up wq-hashtail if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in...

CVSS 7 | AI score 5.4 | EPSS 0.00138
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46275

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hciuart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free UAF and Null Pointer Dereference NPD conditions were observed in the lifecycle management of hciuart. The primary...

CVSS 5.5 | AI score 5.4 | EPSS 0.00204
Exploits: 1 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46276

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 GFX 12 hardware removes the GDS, GWS, and OA on-chip memory resources. The gfxv120 initialisation code correctly leaves adev-gds.gdssize, adev-gds.gwssize, and adev-gds.oasi...

CVSS 4.1 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•11 views

SUSE CVE-2026-46277

In the Linux kernel, the following vulnerability has been resolved: mm/zonedevice: do not touch device folio after calling -foliofree The contents of a device folio can immediately change after calling -foliofree, as the folio may be reallocated by a driver with a different order. Instead of...

CVSS 5.5 | AI score 5.3 | EPSS 0.0012
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•9 views

SUSE CVE-2026-46278

In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. 171.549793 Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 171.559248 M...

CVSS 5.5 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•13 views

SUSE CVE-2026-46279

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

CVSS 4.4 | AI score 5.4 | EPSS 0.00166
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•9 views

SUSE CVE-2026-46280

In the Linux kernel, the following vulnerability has been resolved: lib: testhmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmmtest fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special...

CVSS 5.5 | AI score 5.3 | EPSS 0.00126
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•11 views

SUSE CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

CVSS 5.5 | AI score 5.8 | EPSS 0.00183
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46282

In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When devicepropertyreadstring fails, str is left uninitialized but the code falls through to strcmpstr, ..., dereferencing a garbage pointer. Replace manual read/strcm...

CVSS 5.5 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46283

In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfreesensitive to free auth session in tpmdevrelease tpmdevrelease uses plain kfree to free chip-auth, which contains sensitive cryptographic material including HMAC session keys, nonces, and passphrase data struct...

CVSS 5.5 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•11 views

SUSE CVE-2026-46284

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

CVSS 5.5 | AI score 5.4 | EPSS 0.00166
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•11 views

SUSE CVE-2026-46285

In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3release In docg3release, the docg3 pointer is obtained from cascade-floors0-priv before the loop that calls docreleasedevice on each floor. docreleasedevice frees the docg3 struct via...

CVSS 5.5 | AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46286

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

CVSS 3.9 | AI score 5.3 | EPSS 0.00168
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46287

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylinkconnectphy during probe and phylinkdisconnectphy during remove. It caused an RTNL assertion warning in...

CVSS 5.5 | AI score 5.4 | EPSS 0.00168
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•10 views

SUSE CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

CVSS 5.5 | AI score 5.5 | EPSS 0.0014
Exploits: 0 | References: 3

•added 2026/06/09 2:21 a.m.•29 views

SUSE CVE-2026-46289

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

CVSS 5.5 | AI score 5.4 | EPSS 0.00457
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46290

In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 "x86/fpu: Improve crypto performance by making kernel-mode FPU reliably usable in softirqs", kernelfpubegin calls fpregslock which uses...

CVSS 5.5 | AI score 5.4 | EPSS 0.00166
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46291

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hashdigestkey Use printhexdumpdevel for dumping sensitive HMAC key bytes in hashdigestkey to avoid leaking secrets at runtime when CONFIGDYNAMICDEBUG is enabled...

CVSS 5.5 | AI score 5.4 | EPSS 0.00177
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46292

In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpddevpmattachbyid, genpd calls pmruntimeenable for the corresponding virtual device that it registers. While this...

CVSS 5.5 | AI score 5.5 | EPSS 0.00177
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46293

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

CVSS 5.5 | AI score 5.4 | EPSS 0.00173
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•14 views

SUSE CVE-2026-46294

In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson using Claude found a buffer overflow in dm-ioctl in the function retrievestatus: 1. The code in retrievestatus checks that the output string fits into the output buffer a...

CVSS 4.1 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•6 views

SUSE CVE-2026-46295

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in kvmapicupdateirr even if PIR is empty Fall back to apicfindhighestvector when PID.ON is set but PIR turns out to be empty, to correctly report the highest pending interrupt from the existing IRR. In a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•8 views

SUSE CVE-2026-46296

In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe back to s3c64xxspipreparetransfer failed to remove the corresponding deallocation from remove. Drop the bogus DMA channel release fro...

CVSS 5.5 | AI score 5.4 | EPSS 0.00161
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•7 views

SUSE CVE-2026-46297

In the Linux kernel, the following vulnerability has been resolved: net: libwx: use requestirq for VF misc interrupt Currently, requestthreadedirq is used with a primary handler but a NULL threaded handler, while also setting the IRQFONESHOT flag. This specific combination triggers a WARNING sinc...

CVSS 5.5 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46298

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...

CVSS 5.5 | AI score 5.5 | EPSS 0.00145
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46299

In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplusfillsuper hfsplusfillsuper calls hfsfindinit to initialize a search structure, which acquires tree-treelock. If the subsequent call to hfspluscatbuildkey fails, the function jumps to the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00113
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•11 views

SUSE CVE-2026-46301

In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on driver unbind...

CVSS 6.4 | AI score 5.4 | EPSS 0.00165
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•8 views

SUSE CVE-2026-46302

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

CVSS 5.5 | AI score 5.5 | EPSS 0.00145
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46303

In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to sbbread without checking that the block number is within the mounted I...

CVSS 2.5 | AI score 5.6 | EPSS 0.00278
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•16 views

SUSE CVE-2026-46304

In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmetctrlfree nvmettcpreleasequeuework runs on nvmet-wq and can drop the final controller reference through nvmetcqput. If that triggers nvmetctrlfree, the teardown path flushes...

CVSS 4.7 | AI score 5.4 | EPSS 0.00389
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46305

In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: osdep: avoid NULL pointer dereference in rtwcbufalloc The return value of kzallocflex is used without ensuring that the allocation succeeded, and the pointer is dereferenced unconditionally. Guard the access t...

CVSS 5.5 | AI score 5.4 | EPSS 0.00145
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

CVSS 5.5 | AI score 5.4 | EPSS 0.00389
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46307

In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...

CVSS 4.3 | AI score 5.4 | EPSS 0.0022
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•11 views

SUSE CVE-2026-46308

In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsysgetbusprotectionlegacy In scpsysgetbusprotectionlegacy, offindnodewithproperty returns a device node with its reference count incremented. The function then calls ofnodeputnode befo...

CVSS 7 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

CVSS 5.5 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•12 views

SUSE CVE-2026-46310

In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1drmcleanup where it should be calling...

CVSS 5.5 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•7 views

SUSE CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

CVSS 7 | AI score 5.4 | EPSS 0.00112
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•9 views

SUSE CVE-2026-46312

In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vmaflags in vb2dmasgmmap vb2dmacontig sets VMA flags VMDONTEXPAND and VMDONTDUMP and I do not see a reason why vb2dmasg should behave differently. This avoids hitting WARNON!vma-vmflags & VMDONTEXPAND; in...

CVSS 5.5 | AI score 5.4 | EPSS 0.00156
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•8 views

SUSE CVE-2026-46313

In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp-psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set to NULL before goin...

CVSS 5.5 | AI score 5.3 | EPSS 0.00156
Exploits: 0 | References: 3

•added 2026/06/09 2:20 a.m.•10 views

SUSE CVE-2026-46314

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3dgetextensions walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can craft a self-referentia...

CVSS 5.5 | AI score 5.4 | EPSS 0.00157
Exploits: 0 | References: 3

Total number of security vulnerabilities: 59189