VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2026-23235Mar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix out-of-bounds access in sysfs attribute read/write Some f2fs sysfs attributes suffer from out-of-bounds memory access and incorrect handling of integer values whose size is not 4 bytes. For example:

  • CVE-2026-23234Mar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_write_end_io() As syzbot reported an use-after-free issue in f2fs_write_end_io(). It is caused by below race condition: loop device umount - worker_thread - loop_process_wor

  • CVE-2026-23233Mar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid mapping wrong physical block for swapfile Xiaolong Guo reported a f2fs bug in bugzilla [1] [1] https://bugzilla.kernel.org/show_bug.cgi?id=220951 Quoted: "When using stress-ng's swap stres

  • CVE-2026-23232Mar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: Revert "f2fs: block cache/dio write during f2fs_enable_checkpoint()" This reverts commit 196c81fdd438f7ac429d5639090a9816abb9760a. Original patch may cause below deadlock, revert it. write remount - write_

  • CVE-2025-71238Mar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix bsg_done() causing double free Kernel panic observed on system, [5353358.825191] BUG: unable to handle page fault for address: ff5f5e897b024000 [5353358.825194] #PF: supervisor write access

  • CVE-2026-23231HigMar 4, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg

  • CVE-2026-23230HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may r

  • CVE-2026-23229MedFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: virtio - Add spinlock protection with virtqueue notification When VM boots with one virtio-crypto PCI device and builtin backend, run openssl benchmark command with multiple processes, such as openssl

  • CVE-2026-23228MedFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_co

  • CVE-2026-23227HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free Exynos Virtual Display driver performs memory alloc/free operations without lock protection, which ea

  • CVE-2026-23226HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds

  • CVE-2026-23225HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspac

  • CVE-2026-23224HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108 [ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198 [

  • CVE-2026-23222HigFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist obje

  • CVE-2026-23220MedFeb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths The problem occurs when a signed request fails smb2 signature verification check. In __process_request(), if check_sign_req() return

  • CVE-2026-23223Feb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: xfs: fix UAF in xchk_btree_check_block_owner We cannot dereference bs->cur when trying to determine if bs->cur aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed. Fix this by sampling before type

  • CVE-2026-23221Feb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_store() uses driver_set_o

  • CVE-2025-71237Feb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t,

  • CVE-2025-71236Feb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System crash with the following signature [154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete [154564.169363] qla2xxx [0000:b0:00.1]-3

  • CVE-2025-71235Feb 18, 2026
    affected < 6.19.8-1.1fixed 6.19.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. [105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 [105954.3

Page 23 of 72