VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2026-46020HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos_quota_goal->nid for node_mem_{used,free}_bp Patch series "mm/damon/core: validate damos_quota_goal->nid". node_mem[cg]_{used,free}_bp DAMOS quota goals receive the node id. The n

  • CVE-2026-46019MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup atmel_aes_buff_init() allocates 4 pages using __get_free_pages() with ATMEL_AES_BUFFER_ORDER, but atmel_aes_buff_cleanup() frees only the fir

  • CVE-2026-46018MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES parse_uac2_sample_rate_range() caps the number of enumerated rates at MAX_NR_RATES, but it only breaks out of the current rate loop. A malformed UAC2 RAN

  • CVE-2026-46017MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm: fix deferred split queue races during migration migrate_folio_move() records the deferred split queue state from src and replays it on dst. Replaying it after remove_migration_ptes(src, dst, 0) makes dst v

  • CVE-2026-46016MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: remoteproc: xlnx: Only access buffer information if IPI is buffered In the receive callback check if message is NULL to prevent possibility of crash by NULL pointer dereferencing.

  • CVE-2026-46015HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closing listener to another socket in the same SO_REUSEPORT group, the target listener

  • CVE-2026-46014MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Add missing save/restore handling of LBR MSRs MSR_IA32_DEBUGCTLMSR and LBR MSRs are currently not enumerated by KVM_GET_MSR_INDEX_LIST, and LBR MSRs cannot be set with KVM_SET_MSRS. So save/restore is

  • CVE-2026-46013MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/memfd_luo: fix physical address conversion in put_folios cleanup In memfd_luo_retrieve_folios()'s put_folios cleanup path: 1. kho_restore_folio() expects a phys_addr_t (physical address) but receives a r

  • CVE-2026-46012MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix memory leaks in rxkad_verify_response() Fix rxkad_verify_response() to free the ticket and the server key under all circumstances by initialising the ticket pointer to NULL and then making all paths

  • CVE-2026-46011HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context structure (ctx) without first cancelling any pending or running work in ctx->jpeg_wo

  • CVE-2026-46010HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that rxgk_decrypt_skb() returns -ENOMEM, it should just return that rather than contin

  • CVE-2026-46009MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is supposed to do later. This leads to an oops when .allow_link fails or when .drop_l

  • CVE-2026-46008MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix damos_walk() vs kdamond_fn() exit race When kdamond_fn() main loop is finished, the function cancels remaining damos_walk() request and unset the damon_ctx->kdamond so that API callers and AP

  • CVE-2026-46007MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Avoid cacheline sharing for DMA buffer Depending on the architecture the transfer buffer may share a cacheline with the following mutex. As the buffer may be used for DMA, that is problematic.

  • CVE-2026-46006HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with if (r->reloc_bo_offset + 4 > nvbo->bo.base.size) but reloc_bo_offset is __u32 (

  • CVE-2026-46005MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: xfs: fix a resource leak in xfs_alloc_buftarg() In the error path, call fs_put_dax() to drop the DAX device reference.

  • CVE-2026-46004HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setup_card() in caiaq driver doesn't treat the error cases gracefully, e.g. the error from snd_card_register() calls snd_card_free() but continue

  • CVE-2026-46003MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the total number of nodes Currently, the nameserver doesn't limit the number of nodes it handles. This can be an attack vector if a malicious client starts registering random nodes, leading

  • CVE-2026-46002MedMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() ext2_iget() already rejects inodes with i_nlink == 0 when i_mode is zero or i_dtime is set, treating them as deleted. However, the case of i_n

  • CVE-2026-46001HigMay 27, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() Fix two bugs in pt5161l_read_block_data(): 1. Buffer overrun: The local buffer rbuf is declared as u8 rbuf[24], but i2c_smbus_read_block_data() can ret

Page 15 of 72