rpm package
opensuse/kernel-source&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,435)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46220 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions | |
| CVE-2026-46219 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free. | |
| CVE-2026-46218 | Hig | 7.1 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible fo | |
| CVE-2026-46217 | — | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||
| CVE-2026-46216 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() When media GT is disabled via configfs, there is no allocation for media_gt, which is kept as NULL. In such scenario, intel_hdcp_gsc_ch | |
| CVE-2026-46215 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could del | |
| CVE-2026-46214 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different | |
| CVE-2026-46213 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe") added timer_delete_sync(&kbd->inactivity_timer) to both the | |
| CVE-2026-46212 | Hig | 8.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry it | |
| CVE-2026-46211 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() msm_ioctl_gem_info_get_metadata() always returns 0 regardless of errors. When copy_to_user() fails or the user buffer is too small, the error | |
| CVE-2026-46210 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst->lock while the core->lock protects the list | |
| CVE-2026-46209 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mo | |
| CVE-2026-46208 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free( | |
| CVE-2026-46207 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtio_transport_build_skb() goes through virtio_transport_copy_nonlinear_skb() to copy the original payload in the new skb | |
| CVE-2026-46206 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tp_meter sessions during teardown Prevent tp_meter from starting new sender or receiver sessions after mesh_state has left BATADV_MESH_ACTIVE. | |
| CVE-2026-46205 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in | |
| CVE-2026-46204 | Hig | 7.1 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing IB Rewrite the IB parsing to use amdgpu_ib_get_value() which handles the bounds checks. | |
| CVE-2026-46203 | Hig | 7.1 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by S | |
| CVE-2026-46202 | Med | 5.5 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlight_device->ops_lock via backlight_device_set_brightness() -> mutex_lock() from two different atomic cont | |
| CVE-2026-46201 | Hig | 7.8 | < 7.0.11-1.1 | 7.0.11-1.1 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynamic_attach() is not detached. Add dma_buf_detach() before returning the error. Note |
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add bounds checking to ib_{get,set}_value The uvd/vce/vcn code accesses the IB at predefined offsets without checking that the IB is large enough. Check the bounds here. The caller is responsible fo
- CVE-2026-46217May 28, 2026affected < 7.0.11-1.1fixed 7.0.11-1.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() When media GT is disabled via configfs, there is no allocation for media_gt, which is kept as NULL. In such scenario, intel_hdcp_gsc_ch
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could del
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe") added timer_delete_sync(&kbd->inactivity_timer) to both the
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: prevent use-after-free when deleting claims When batadv_bla_del_backbone_claims() removes all claims for a backbone, it does this by dropping the link entry in the hash list. This list entry it
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() msm_ioctl_gem_info_get_metadata() always returns 0 regardless of errors. When copy_to_user() fails or the user buffer is too small, the error
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst->lock while the core->lock protects the list
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mo
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop tp_meter sessions during mesh teardown TP meter sessions remain linked on bat_priv->tp_list after the netlink request has already finished. When the mesh interface is removed, batadv_mesh_free(
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtio_transport_build_skb() goes through virtio_transport_copy_nonlinear_skb() to copy the original payload in the new skb
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject new tp_meter sessions during teardown Prevent tp_meter from starting new sender or receiver sessions after mesh_state has left BATADV_MESH_ACTIVE.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Disallow all private IOCTLs Disallow all private IOCTLs. These aren't quite as safe as one could assume of IOCTL handlers; disable them for now. Instead of removing the code, return in
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Prevent OOB reads when parsing IB Rewrite the IB parsing to use amdgpu_ib_get_value() which handles the bounds checks.
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by S
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlight_device->ops_lock via backlight_device_set_brightness() -> mutex_lock() from two different atomic cont
- affected < 7.0.11-1.1fixed 7.0.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix dma-buf attachment leak in xe_gem_prime_import() When xe_dma_buf_init_obj() fails, the attachment from dma_buf_dynamic_attach() is not detached. Add dma_buf_detach() before returning the error. Note
Page 5 of 72