rpm package
opensuse/kernel-source&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,435)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-52907 | Hig | 7.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix | |
| CVE-2026-52906 | Hig | 7.7 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by v9fs_se | |
| CVE-2026-52905 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit | ||
| CVE-2026-52904 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just a | ||
| CVE-2026-46332 | Hig | 8.0 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between | |
| CVE-2026-46324 | Hig | 7.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a ne | |
| CVE-2026-46323 | Hig | 7.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_ | |
| CVE-2026-46322 | Hig | 7.1 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost_net_b | |
| CVE-2026-46321 | Hig | 7.1 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter than ETH_HLEN without freeing the page that vhost_net_build_xdp() allocated for it. tun_sendmsg() discar | |
| CVE-2026-46320 | Hig | 7.4 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both paths jump to the err label without fr | |
| CVE-2026-46319 | Hig | 7.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table in act_ct in tcf_ct_flow_table_get(), rhashtable_lookup_fast() internally opens and closes an RCU read critical section bef | |
| CVE-2026-46318 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to use mmap_prepare") with conflict resolution to account for changes in commit ea52 | ||
| CVE-2026-46317 | Hig | 8.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the MMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which can run | |
| CVE-2026-46316 | Cri | 9.3 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each en | |
| CVE-2026-46315 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 9, 2026 | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::info and later copies them to userspace siginfo. The prep path initializes the re | ||
| CVE-2026-46314 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can | ||
| CVE-2026-46313 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set | ||
| CVE-2026-46312 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a reason why vb2_dma_sg should behave differently. This avoids hitting `WARN_ON(!( | ||
| CVE-2026-46311 | Hig | 7.8 | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while | |
| CVE-2026-46310 | — | < 7.0.12-1.1 | 7.0.12-1.1 | Jun 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should |
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by v9fs_se
- CVE-2026-52905Jun 9, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_region") introduced a bug that allows unaligned DAMON region address ranges. Commit
- CVE-2026-52904Jun 9, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, the error path returns directly without unwinding the nvkm_device that was just a
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a ne
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: tun: free page on build_skb failure in tun_xdp_one() When build_skb() fails in tun_xdp_one(), the function sets ret to -ENOMEM and jumps to the out label, which returns without freeing the page that vhost_net_b
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tun_xdp_one() tun_xdp_one() returns -EINVAL on a frame shorter than ETH_HLEN without freeing the page that vhost_net_build_xdp() allocated for it. tun_sendmsg() discar
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: tap: free page on error paths in tap_get_user_xdp() tap_get_user_xdp() rejects a frame shorter than ETH_HLEN with -EINVAL, and returns -ENOMEM when build_skb() fails. Both paths jump to the err label without fr
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table in act_ct in tcf_ct_flow_table_get(), rhashtable_lookup_fast() internally opens and closes an RCU read critical section bef
- CVE-2026-46318Jun 9, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to use mmap_prepare") with conflict resolution to account for changes in commit ea52
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the MMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which can run
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each en
- CVE-2026-46315Jun 9, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::info and later copies them to userspace siginfo. The prep path initializes the re
- CVE-2026-46314Jun 8, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked list of ioctl extensions without any bound on the chain length. A local user can
- CVE-2026-46313Jun 8, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this condition is true and the error pointer is dereferenced. So isp-psys should be set
- CVE-2026-46312Jun 8, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a reason why vb2_dma_sg should behave differently. This avoids hitting `WARN_ON(!(
- affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while
- CVE-2026-46310Jun 8, 2026affected < 7.0.12-1.1fixed 7.0.12-1.1
In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereference. This is caused by the cleanup code calling vsp1_drm_cleanup() where it should
Page 1 of 72