SUSE CVE-2026-31679

In the Linux kernel, the following vulnerability has been resolved: openvswitch: validate MPLS set/setmasked payload length validateset accepted OVSKEYATTRMPLS as variable-sized payload for SET/SETMASKED actions. In action handling, OVS expects fixed-size MPLS key data struct ovskeympls. Use the...

SUSE CVE-2026-31680

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: flowlabel: defer exclusive option free until RCU teardown ip6flseqshow walks the global flowlabel hash under the seq-file RCU read-side lock and prints fl-opt-optnflen when an option block is present. Exclusive...

SUSE CVE-2026-31681

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtmultiport: validate range encoding in checkentry portsmatchv1 treats any non-zero pflags entry as the start of a port range and unconditionally consumes the next ports element as the range end. The checkentry path...

SUSE CVE-2026-31682

In the Linux kernel, the following vulnerability has been resolved: bridge: brndsend: linearize skb before parsing ND options brndsend parses neighbour discovery options from ns-opt and assumes that these options are in the linear part of request. Its callers only guarantee that the ICMPv6 header...

SUSE CVE-2026-31683

In the Linux kernel, the following vulnerability has been resolved: batman-adv: avoid OGM aggregation when skb tailroom is insufficient When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packetlen bytes, while a later packet can still ...

SUSE CVE-2026-31684

In the Linux kernel, the following vulnerability has been resolved: net: sched: actcsum: validate nested VLAN headers tcfcsumact walks nested VLAN headers directly from skb-data when an skb still carries in-payload VLAN tags. The current code reads vlan-hvlanencapsulatedproto and then pulls...

SUSE CVE-2026-31685

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6teui64: reject invalid MAC header for all packets eui64mt6 derives a modified EUI-64 from the Ethernet source address and compares it with the low 64 bits of the IPv6 source address. The existing guard only rejects ...

SUSE CVE-2009-1636

Multiple buffer overflows in the Internet Agent aka GWIA component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via 1 a crafted e-mail address in an SMTP session or 2 an SMTP command...

SUSE CVE-2025-66286

An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP request...

SUSE CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

SUSE CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-6921

Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. Chromium security severity: Medium...

SUSE CVE-2026-31534

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

SUSE CVE-2026-31535

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

SUSE CVE-2026-31536

In the Linux kernel, the following vulnerability has been resolved: smb: server: let senddone handle a completion without IBSENDSIGNALED With smbdirectsendbatch processing we likely have requests without IBSENDSIGNALED, which will be destroyed in the final request that has IBSENDSIGNALED set. If...

SUSE CVE-2026-31537

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.sendio.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate empty send. In order to fix this we'll have a single...

SUSE CVE-2026-31538

In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

SUSE CVE-2026-31539

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

SUSE CVE-2026-31540

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check setdefaultsubmission before deferencing When the i915 driver firmware binaries are not present, the setdefaultsubmission pointer is not set. This pointer is dereferenced during suspend anyways. Add a check to...

SUSE CVE-2026-31541

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix tracemarker copy link list updates When the "copytracemarker" option is enabled for an instance, anything written into /sys/kernel/tracing/tracemarker is also copied into that instances buffer. When the option is set...

SUSE CVE-2026-31542

In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCKEMPTY 0xffff. This causes a panic while allocating UV hub info structures. Fix this by using NUMANONODE, allowing UV hub info structur...

SUSE CVE-2026-31543

In the Linux kernel, the following vulnerability has been resolved: crashdump: don't log dm-crypt key bytes in readkeyfromuserkeying When debug logging is enabled, readkeyfromuserkeying logs the first 8 bytes of the key payload and partially exposes the dm-crypt key. Stop logging any key bytes...

SUSE CVE-2026-31544

In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 "firmware: armscmi: Avoid notifier registration for unsupported events" the call chains leading to the helper scmieventhandlergetops expect a...

SUSE CVE-2026-31545

In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This fixes a WARNON' and allows the driver to operate GPIOs which are connected to I2C GPIO expanders. -- 8 -- kernel: WARNING: CPU: 3 PID: 2636 at...

SUSE CVE-2026-31546

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bonddebugrlbhashshow rlbclearslave intentionally keeps RLB hash-table entries on the rxhashtblusedhead list with slave set to NULL when no replacement slave is available. However,...

SUSE CVE-2026-31547

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccsmodestore ccsmodestore calls xegtreset which internally invokes xepmruntimegetnoresume. That function requires the caller to already hold an outer runtime PM reference and warns if...

SUSE CVE-2026-31548

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...

SUSE CVE-2026-31549

In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the string exists. Verify that the device has a serial number before...

SUSE CVE-2026-31550

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835asbcontrol function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently...

SUSE CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix staticbranchdec underflow for aqldisable. syzbot reported staticbranchdec underflow in aqlenablewrite. 0 The problem is that aqlenablewrite does not serialise concurrent writes to the debugfs. aqlenablewrite...

SUSE CVE-2026-31552

In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 "wifi: wlcore: ensure skb headroom before skbpush", wl1271txallocate and with it wl1271preparetxframe returns...

SUSE CVE-2026-31553

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in kvmatswapdesc Using "u64 user hva + offset" to get the virtual addresses of S1/S2 descriptors looks really wrong, if offset is not zero. What we want to get for swapping is hva + offset,...

SUSE CVE-2026-31554

In the Linux kernel, the following vulnerability has been resolved: futex: Require sysfutexrequeue to have identical flags Nicholas reported that his LLM found it was possible to create a UaF when sysfutexrequeue is used with different flags. The initial motivation for allowing different flags wa...

SUSE CVE-2026-31555

In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futexlockpi retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex/core.c:825 at waitforownerexiting+0x7a/0x80, CPU11: futexlockpis/524 When futexlockpiatomic sees the owner i...

SUSE CVE-2026-31556

In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchkquotaitem can return early after calling xchkfblockprocesserror. When that helper returns false, the function returned immediately without dropping dq-qqlock, which...

SUSE CVE-2026-31557

In the Linux kernel, the following vulnerability has been resolved: nvmet: move async event work off nvmet-wq For target nvmetctrlfree flushes ctrl-asynceventwork. If nvmetctrlfree runs on nvmet-wq, the flush re-enters workqueue completion for the same worker:- A. Async event work queued on...

SUSE CVE-2026-31558

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Make kvmgetvcpubycpuid more robust kvmgetvcpubycpuid takes a cpuid parameter whose type is int, so cpuid can be negative. Let kvmgetvcpubycpuid return NULL for this case so as to make it more robust. This fix an...

SUSE CVE-2026-31559

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup 1. Replace "offindnodebypath"/"" with "ofroot" to avoid multiple calls to "ofnodeput". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU...

SUSE CVE-2026-31560

In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr struc...

SUSE CVE-2026-31561

In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86CR4FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so that whenever something else modifies CR4, that bit remains set. Which in itself is a perfectly fine...

SUSE CVE-2026-31562

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipidsihostregister The call to mipidsihostregister triggers a callback to mtkdsibind, which uses devgetdrvdata to retrieve the mtkdsi struct, so this structure needs to be...

SUSE CVE-2026-31563

In the Linux kernel, the following vulnerability has been resolved: net: macb: Use devconsumeskbany to free TX SKBs The napiconsumeskb function is not intended to be called in an IRQ disabled context. However, after commit 6bc8a5098bf4 "net: macb: Fix txptrlock locking", the freeing of TX SKBs is...

SUSE CVE-2026-31564

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvmeiointcregsaccess In function kvmeiointcregsaccess, the register base address is caculated from array base address plus offset, the offset is absolute value from the base address...

SUSE CVE-2026-31565

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix deadlock during netdev reset with active connections Resolve deadlock that occurs when user executes netdev reset while RDMA applications e.g., rping are active. The netdev reset causes ice driver to remove irdma...

SUSE CVE-2026-31566

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix fence put before wait in amdgpuamdkfdsubmitib amdgpuamdkfdsubmitib submits a GPU job and gets a fence from amdgpuibschedule. This fence is used to wait for job completion. Currently, the code drops the fence...

SUSE CVE-2026-31567

In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARNON from pmrestoregfpmask Commit 35e4a69b2003f "PM: sleep: Allow pmrestrictgfpmask stacking" introduced refcount-based GFP mask management that warns when pmrestoregfpmask is called with savedgfpcount ...

SUSE CVE-2026-31568

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exceptions happen in a kernel context for pages that don't have the PGarch1 bit set. That bit is set for...

SUSE CVE-2026-31569

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Handle the case that EIOINTC's coremap is empty EIOINTC's coremap in eiointcupdateswcoremap can be empty, currently we get a cpuid with -1 in this case, but we actually need 0 because it's similar as the case that...

SUSE CVE-2026-31570

In the Linux kernel, the following vulnerability has been resolved: can: gw: fix OOB heap access in cgwcsumcrc8rel cgwcsumcrc8rel correctly computes bounds-safe indices via calcidx: int from = calcidxcrc8-fromidx, cf-len; int to = calcidxcrc8-toidx, cf-len; int res = calcidxcrc8-resultidx, cf-len...