rpm package
suse/ovmf&distro=SUSE Linux Enterprise Server 16.0
pkg:rpm/suse/ovmf&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34874 | Hig | 7.5 | < 202502-160000.5.1 | 202502-160000.5.1 | Apr 1, 2026 | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. | |
| CVE-2026-25835 | Hig | 7.7 | < 202502-160000.5.1 | 202502-160000.5.1 | Apr 1, 2026 | Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). | |
| CVE-2026-25833 | Hig | 7.5 | < 202502-160000.5.1 | 202502-160000.5.1 | Apr 1, 2026 | Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function | |
| CVE-2026-25834 | Med | 6.5 | < 202502-160000.5.1 | 202502-160000.5.1 | Apr 1, 2026 | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | |
| CVE-2025-59438 | — | < 202502-160000.4.1 | 202502-160000.4.1 | Oct 21, 2025 | Mbed TLS through 3.6.4 has an Observable Timing Discrepancy. |
- affected < 202502-160000.5.1fixed 202502-160000.5.1
An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0.
- affected < 202502-160000.5.1fixed 202502-160000.5.1
Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
- affected < 202502-160000.5.1fixed 202502-160000.5.1
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
- affected < 202502-160000.5.1fixed 202502-160000.5.1
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
- CVE-2025-59438Oct 21, 2025affected < 202502-160000.4.1fixed 202502-160000.4.1
Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.