VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2026-46100HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users to .mmap_prepare()"). This is because the .mmap invocation establishes a refcount

  • CVE-2026-46099HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NOREF dst on the skb, then pass it to dst_cache_set_ip6() invoking dst_hold() uncondi

  • CVE-2026-46098May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown `caif_connect()` can tear down an existing client after remote shutdown by calling `caif_disconnect_client()` followed by `caif_free_client()`. `caif_free_cli

  • CVE-2026-46097May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e ("Input: edt-ft5x06 - use per-client debugfs directory") removed the manual debugfs teardown, relying on the I2C core to handle

  • CVE-2026-46096May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_buf_destroy() on two exit paths, leaking a page allocation: 1. When name_size()

  • CVE-2026-46095May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier before state machine transition Move the barrier raise operation before calling llbitmap_state_machine() in both llbitmap_start_write() and llbitmap_start_discard(). This ensures t

  • CVE-2026-46094May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes

  • CVE-2026-46093HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan().

  • CVE-2026-46092May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821CE is installed in the system with such a PCI topology, the probing routine will c

  • CVE-2026-46091May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. Hence it must obey the rules for DMA coherency. Allocate it separately.

  • CVE-2026-46090HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6

  • CVE-2026-46089May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio for partial discard requests As reported by Qu Wenruo and Avinesh Kumar, the following getconf PAGESIZE 65536 blkdiscard -p 4k /dev/zram0 takes literally forever to complete.

  • CVE-2026-46088May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() snd_ctl_elem_init_enum_names() advances pointer p through the names buffer while decrementing buf_len. If buf_len reaches zero

  • CVE-2026-46087May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start() Destroy the DAMON context and reset the global pointer when damon_start() fails. Otherwise, the context allocated by damon_stat_bui

  • CVE-2026-46086May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by `fdb_delete_local()`, which updates `f->dst` to another port or to `NULL` while keeping the entry alive.

  • CVE-2026-46085HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM errors from decryption by aborting. Further, remove the WARN_ON_ONCE() so that it

  • CVE-2026-46084May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed (e.g. DPDK exit), mana_ib_destroy_qp_rss() destroys the RX WQ objects but does not disable vPort RX steering in firmware. This lea

  • CVE-2026-46083May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup() if spi_setup() fails while registering a device to avoid leaking any resources allocated by setup().

  • CVE-2026-46082May 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inject #UD when EFER.SVME=0. [sean: tag for stable@]

  • CVE-2026-46081HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_reqchain_done() is invoked on asynchronous completion, it receives &req->chain as t

Page 11 of 72