rpm package
opensuse/kernel-source&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,435)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46000 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the sk_buff may be shared with a packet sniffer, | |
| CVE-2026-45999 | Hig | 7.1 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() Some crafted images can have illegal (!partial_decoding && m_llen < m_plen) extents, and the LZ4 inplace decompression path can be wrongly hit, but | |
| CVE-2026-45998 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL' | |
| CVE-2026-45997 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The de | |
| CVE-2026-45996 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference | |
| CVE-2026-45995 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring. | |
| CVE-2026-45994 | Hig | 7.1 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write() handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the b | |
| CVE-2026-45993 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add spectre boundry for syscall dispatch table The LoongArch syscall number is directly controlled by userspace, but does not have a array_index_nospec() boundry to prevent access past the syscall fu | |
| CVE-2026-45992 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||
| CVE-2026-45991 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in part_descs_loc[]. handle_partition_descriptor() dedup | |
| CVE-2026-45990 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: slub: fix data loss and overflow in krealloc() Commit 2cd8231796b5 ("mm/slub: allow to set node and align in k[v]realloc") introduced the ability to force a reallocation if the original object does not satisfy | |
| CVE-2026-45989 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the | |
| CVE-2026-45988 | Cri | 9.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just | |
| CVE-2026-45987 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02() syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because | |
| CVE-2026-45986 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - fix a memory leak in cc_mac_digest() Add cc_unmap_result() if cc_map_hash_request_final() fails to prevent potential memory leak. | |
| CVE-2026-45846 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only create | ||
| CVE-2026-45845 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft() is called with new == NULL and stores NULL into q->qdiscs[cl - 1]. Subsequent | ||
| CVE-2026-45844 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP payload assuming two hardware addresses are present (source and target). However, IP | ||
| CVE-2026-45843 | Hig | 8.2 | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a pointer through the packet via decode() and pull16(). Neither helper bounds-che | |
| CVE-2026-45842 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation l |
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix conn-level packet handling to unshare RESPONSE packets The security operations that verify the RESPONSE packets decrypt bits of it in place - however, the sk_buff may be shared with a packet sniffer,
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() Some crafted images can have illegal (!partial_decoding && m_llen < m_plen) extents, and the LZ4 inplace decompression path can be wrongly hit, but
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential UAF after skb_unshare() failure If skb_unshare() fails to unshare a packet due to allocation failure in rxrpc_input_packet(), the skb pointer in the parent (rxrpc_io_thread()) will be NULL'
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails If device_add(&sdkp->disk_dev) fails, put_device() runs scsi_disk_release(), which frees the scsi_disk but leaves the gendisk referenced. The de
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: spi: imx: fix use-after-free on unbind The SPI subsystem frees the controller and any subsystem allocated driver data as part of deregistration (unless the allocation is device managed). Take another reference
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix user_struct uaf io_free_rbuf_ring() usees a struct user_struct, which io_zcrx_ifq_free() puts it down before destroying the ring.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix OOB reads in command_file_write due to missing size checks The command_file_write() handler allocates a kernel buffer of exactly count bytes and copies user data into it, but does not validate the b
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add spectre boundry for syscall dispatch table The LoongArch syscall number is directly controlled by userspace, but does not have a array_index_nospec() boundry to prevent access past the syscall fu
- CVE-2026-45992May 27, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in part_descs_loc[]. handle_partition_descriptor() dedup
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: slub: fix data loss and overflow in krealloc() Commit 2cd8231796b5 ("mm/slub: allow to set node and align in k[v]realloc") introduced the ability to force a reallocation if the original object does not satisfy
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in testdrv_probe() The function testdrv_probe() retrieves the device_node from the PCI device, applies an overlay, and then immediately calls of_node_put(dn). This releases the
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix re-decryption of RESPONSE packets If a RESPONSE packet gets a temporary failure during processing, it may end up in a partially decrypted state - and then get requeued for a retry. Fix this by just
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nested_sync_control_from_vmcb02() syncs fields written by the CPU from vmcb02 to the cached vmcb12. This is because
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ccree - fix a memory leak in cc_mac_digest() Add cc_unmap_result() if cc_map_hash_request_final() fails to prevent potential memory leak.
- CVE-2026-45846May 27, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only create
- CVE-2026-45845May 27, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft() is called with new == NULL and stores NULL into q->qdiscs[cl - 1]. Subsequent
- CVE-2026-45844May 27, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP payload assuming two hardware addresses are present (source and target). However, IP
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing a pointer through the packet via decode() and pull16(). Neither helper bounds-che
- CVE-2026-45842May 27, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with the documented meaning of 'no receive compression'. In that case the allocation l
Page 16 of 72