VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2026-31629HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is LLCP_CLOSED, the code correctly calls release_sock() and nfc_llcp_sock_put() but

  • CVE-2026-31628MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operations. Those results can be leaked by another, attacker thread. Fix that with a ch

  • CVE-2026-31627HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX before

  • CVE-2026-31626HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Initialize le_tmp64 to zero in rtw_BIP_verify() to prevent using uninitialized data. Smatch warns that only 6 bytes are copied to this 8-byte (u64) v

  • CVE-2026-31625MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them") attempted to fix up the HID drivers that had missed the

  • CVE-2026-31624MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a value that comes directly from a HID device. The HID parser bounds report_size onl

  • CVE-2026-31623MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can overflow the skb_shared_info->frags[] array by sending an unbounded sequence of full-

  • CVE-2026-31622HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_res() appends 3 or 4 bytes to target->nfcid1 on each round, but the number of casca

  • CVE-2026-31621MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_device_uninit() but does not return. The uninit drops the last reference and synchr

  • CVE-2026-31620MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 A malicious USB device with the TASCAM US-144MKII device id can have a configuration containing bInterfaceNumber=1 but no interface 0. USB configur

  • CVE-2026-31619MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efr_status_names[] has 17 entries so a status val

  • CVE-2026-31618MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide by zero error"), we also need to prevent that same crash from happening in the

  • CVE-2026-31617MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checked against ntb_max but has no lower bound. When block_len is smaller than opts->nd

  • CVE-2026-31616MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info->frags[] array on a Linux gadget exposing a Phonet function by sending an unboun

  • CVE-2026-31615MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint number from the host-supplied wIndex without any sort of valida

  • CVE-2026-31614HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA name and value, but ea_data sits at offset sizeof(struct smb2_file_full_ea_info) =

  • CVE-2026-31613HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() returns success without any length validation, leaving the symlink parsers as the

  • CVE-2026-31612HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate EaNameLength in smb2_get_ea() smb2_get_ea() reads ea_req->EaNameLength from the client request and passes it directly to strncmp() as the comparison length without verifying that the length of t

  • CVE-2026-31611HigApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on match reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode is the prefix

  • CVE-2026-31610MedApr 24, 2026
    affected < 7.0.3-1.1fixed 7.0.3-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incrementally as it walks the input. When ksmbd_decode_negTokenInit() reaches the mechTo

Page 20 of 72