VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2026-46288HigJun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of

  • CVE-2026-46287Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylink_connect_phy() during probe and phylink_disconnect_phy() during remove. It caused an RTNL

  • CVE-2026-46286Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELD_GET() is used to pull from a 3 bit register, yet the array being index

  • CVE-2026-46285Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release() In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv before the loop that calls doc_release_device() on each floor. doc_release_devic

  • CVE-2026-46284Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or default_hugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing p

  • CVE-2026-46283Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() tpm_dev_release() uses plain kfree() to free chip->auth, which contains sensitive cryptographic material including HMAC session keys, nonces,

  • CVE-2026-46282Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized but the code falls through to strcmp(str, ...), dereferencing a garbage pointer.

  • CVE-2026-46281Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc") added the ability to force a new allocation if the current pointer is on the wro

  • CVE-2026-46280HigJun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmm_test fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zen

  • CVE-2026-46279Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization Due to initialization ordering, page_ext is allocated and initialized relatively late during boot. Some pages have already been al

  • CVE-2026-46278Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. [ 171.549793] Unable to handle kernel NULL pointer dereference at virtual address 00000

  • CVE-2026-46277HigJun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a diff

  • CVE-2026-46276Jun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. The gfx_v12_0 initialisation code correctly leaves adev->gds.gds_size, adev->gds.

  • CVE-2026-46275HigJun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer Dereference (NPD) conditions were observed in the lifecycle management

  • CVE-2026-46274HigJun 8, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled work was the tail of its hash bucket. When doing this, it checks whe

  • CVE-2026-46273HigJun 3, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapte

  • CVE-2026-46244CriJun 3, 2026
    affected < 7.0.12-1.1fixed 7.0.12-1.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() correctly computes the transport header offset traversing all extension headers,

  • CVE-2026-46243HigJun 1, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in

  • CVE-2026-46242HigMay 30, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: eventpoll: fix ep_remove struct eventpoll / struct file UAF ep_remove() (via ep_remove_file()) cleared file->f_ep under file->f_lock but then kept using @file inside the critical section (is_file_epoll(), hlist

  • CVE-2026-46241HigMay 28, 2026
    affected < 7.0.11-1.1fixed 7.0.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was

Page 3 of 72