Vendor CVEs
SUSE S.A.
All CVEs
1,447 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46227 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL The SCTP_SENDALL path in sctp_sendmsg() iterates ep->asocs with list_for_each_entry_safe(), which caches the next entry in @tmp before… | ||
| CVE-2026-46219 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free. | ||
| CVE-2026-46215 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could… | ||
| CVE-2026-46213 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe") added timer_delete_sync(&kbd->inactivity_timer) to both the… | ||
| CVE-2026-46210 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst->lock while the core->lock protects the list… | ||
| CVE-2026-46183 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock damon_sysfs_quot_goal->path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters… | ||
| CVE-2026-46173 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls… | ||
| CVE-2026-46162 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev). The device release… | ||
| CVE-2026-46157 | Hig | 0.44 | 7.8 | 0.00 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it… | ||
| CVE-2026-46093 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan().… | ||
| CVE-2026-46081 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_reqchain_done() is invoked on asynchronous completion, it receives &req->chain as… | ||
| CVE-2026-46076 | Hig | 0.44 | 7.9 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and… | ||
| CVE-2026-46062 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw addition which can wrap around for large lcn and len values, bypassing… | ||
| CVE-2026-46058 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run with the… | ||
| CVE-2026-46045 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not in_sync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only… | ||
| CVE-2026-46036 | Hig | 0.44 | 7.8 | 0.00 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates on the vdev->cdx_irqs array based on its value, but provides no serialization… | ||
| CVE-2026-43502 | Hig | 0.44 | 7.8 | 0.00 | May 21, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently… | ||
| CVE-2026-43499 | Hig | 0.44 | 7.8 | 0.00 | May 21, 2026 | In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from… | ||
| CVE-2026-43494 | Hig | 0.44 | 7.8 | 0.00 | May 21, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. … | ||
| CVE-2026-43460 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is… | ||
| CVE-2026-43458 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_write_room() when caif_serial's TX path calls tty_write_room(). The faulting access… | ||
| CVE-2026-43447 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race… | ||
| CVE-2026-43440 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL after destroy_workqueue() to match the cleanup in mana_gd_cleanup(). This prevents a… | ||
| CVE-2026-43438 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css… | ||
| CVE-2026-43437 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime (runtime = s->runtime at line 2157). After… | ||
| CVE-2026-43388 | Hig | 0.44 | 7.8 | 0.00 | May 8, 2026 | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided control structure before checking whether the context is running. If the… | ||
| CVE-2026-43084 | Hig | 0.44 | 7.8 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0… | ||
| CVE-2026-43074 | Hig | 0.44 | 7.8 | 0.00 | May 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer… | ||
| CVE-2026-31413 | Hig | 0.44 | 7.8 | 0.00 | Apr 12, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the source operand is a constant. When dst has signed range [-1, 0], it forks… | ||
| CVE-2026-31406 | Hig | 0.44 | 7.8 | 0.00 | Apr 6, 2026 | In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining states via… | ||
| CVE-2026-23448 | Hig | 0.44 | 7.8 | 0.00 | Apr 3, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: … | ||
| CVE-2024-0775 | Med | 0.44 | 6.7 | 0.00 | Jan 22, 2024 | A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. | ||
| CVE-2024-0565 | Med | 0.44 | 6.8 | 0.02 | Jan 15, 2024 | An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service. | ||
| CVE-2022-21951 | Med | 0.44 | 6.8 | 0.00 | May 25, 2022 | A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI… | ||
| CVE-2021-31998 | Med | 0.44 | 6.8 | 0.00 | Jun 10, 2021 | A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux… | ||
| CVE-2006-7246 | Med | 0.44 | 6.8 | 0.01 | Jan 27, 2020 | NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used. | ||
| CVE-2019-3690 | Med | 0.44 | 6.8 | 0.00 | Dec 5, 2019 | The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate… | ||
| CVE-2019-7221 | Hig | 0.44 | 7.8 | 0.01 | Mar 21, 2019 | The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. | ||
| CVE-2018-19639 | Med | 0.44 | 6.7 | 0.01 | Mar 5, 2019 | If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root. | ||
| CVE-2019-8912 | Hig | 0.44 | 7.8 | 0.01 | Feb 18, 2019 | In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. | ||
| CVE-2017-13086 | Med | 0.44 | 6.8 | 0.02 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||
| CVE-2017-13084 | Med | 0.44 | 6.8 | 0.02 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||
| CVE-2017-13077 | Med | 0.44 | 6.8 | 0.02 | Oct 17, 2017 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames. | ||
| CVE-2011-3177 | Hig | 0.44 | 7.8 | 0.00 | Sep 8, 2017 | The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks. | ||
| CVE-2014-9888 | Hig | 0.44 | 7.8 | 0.00 | Aug 6, 2016 | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android… | ||
| CVE-2014-9870 | Hig | 0.44 | 7.8 | 0.01 | Aug 6, 2016 | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal… | ||
| CVE-2014-9803 | Hig | 0.44 | 7.8 | 0.01 | Jul 11, 2016 | arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug… | ||
| CVE-2015-8539 | Hig | 0.44 | 7.8 | 0.00 | Feb 8, 2016 | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and… | ||
| CVE-2014-8369 | Hig | 0.44 | 7.8 | 0.01 | Nov 10, 2014 | The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified… | ||
| CVE-2014-7826 | Hig | 0.44 | 7.8 | 0.01 | Nov 10, 2014 | kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. |
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL The SCTP_SENDALL path in sctp_sendmsg() iterates ep->asocs with list_for_each_entry_safe(), which caches the next entry in @tmp before…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be cancelled after disabling interrupts to avoid a potential use-after-free.
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: drm: Set old handle to NULL before prime swap in change_handle There was a potential race condition in change_handle. The ioctl briefly had a single object with two idr entries; a concurrent gem_close could…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in appletb_kbd_probe") added timer_delete_sync(&kbd->inactivity_timer) to both the…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: iris: fix use-after-free of fmt_src during MBPF check During concurrency testing, multiple instances can run in parallel, and each instance uses its own inst->lock while the core->lock protects the list…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock damon_sysfs_quot_goal->path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_dead() with preemption enabled. That is forbidden: do_task_dead() calls…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_dev_uninit and calls auxiliary_device_uninit(&sf_dev->adev). The device release…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_lazy() when pools are being purged, and the shrinker via vmap_node_shrink_scan().…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_reqchain_done() is invoked on asynchronous completion, it receives &req->chain as…
- risk 0.44cvss 7.9epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 does NOT want to intercept VMMCALL, nested_svm_l2_tlb_flush_enabled() is true, and…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` uses raw addition which can wrap around for large lcn and len values, bypassing…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_release() frees m2m_ctx while v4l2_m2m_try_run() is about to call device_run with the…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not in_sync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates on the vdev->cdx_irqs array based on its value, but provides no serialization…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. …
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: spi: rockchip-sfc: Fix double-free in remove() callback The driver uses devm_spi_register_controller() for registration, which automatically unregisters the controller via devm cleanup when the device is…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty->link reference in ldisc_open and ser_release A reproducer triggers a KASAN slab-use-after-free in pty_write_room() when caif_serial's TX path calls tty_write_room(). The faulting access…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: iavf: fix PTP use-after-free during reset Commit 7c01dbfc8a1c5f ("iavf: periodically cache PHC time") introduced a worker to cache PHC time, but failed to stop it during reset or disable. This creates a race…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net/mana: Null service_wq on setup error to prevent double destroy In mana_gd_setup() error path, set gc->service_wq to NULL after destroy_workqueue() to match the cleanup in mana_gd_cleanup(). This prevents a…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Remove redundant css_put() in scx_cgroup_init() The iterator css_for_each_descendant_pre() walks the cgroup hierarchy under cgroup_lock(). It does not increment the reference counts on yielded css…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() In the drain loop, the local variable 'runtime' is reassigned to a linked stream's runtime (runtime = s->runtime at line 2157). After…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided control structure before checking whether the context is running. If the…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause crash: BUG: KASAN: slab-use-after-free in nfqnl_recv_verdict+0x11ac/0x15e0…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep eventpoll struct while it still being used by another concurrent thread. Defer…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix unsound scalar forking in maybe_fork_scalars() for BPF_OR maybe_fork_scalars() is called for both BPF_AND and BPF_OR when the source operand is a constant. When dst has signed range [-1, 0], it forks…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() After cancel_delayed_work_sync() is called from xfrm_nat_keepalive_net_fini(), xfrm_state_fini() flushes remaining states via…
- risk 0.44cvss 7.8epss 0.00
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset: …
- risk 0.44cvss 6.7epss 0.00
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
- risk 0.44cvss 6.8epss 0.02
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
- risk 0.44cvss 6.8epss 0.00
A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI…
- risk 0.44cvss 6.8epss 0.00
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux…
- risk 0.44cvss 6.8epss 0.01
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
- risk 0.44cvss 6.8epss 0.00
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate…
- risk 0.44cvss 7.8epss 0.01
The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.
- risk 0.44cvss 6.7epss 0.01
If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root.
- risk 0.44cvss 7.8epss 0.01
In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.
- risk 0.44cvss 6.8epss 0.02
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- risk 0.44cvss 6.8epss 0.02
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Station-To-Station-Link (STSL) Transient Key (STK) during the PeerKey handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- risk 0.44cvss 6.8epss 0.02
Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Pairwise Transient Key (PTK) Temporal Key (TK) during the four-way handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.
- risk 0.44cvss 7.8epss 0.00
The YaST2 network created files with world readable permissions which could have allowed local users to read sensitive material out of network configuration files, like passwords for wireless networks.
- risk 0.44cvss 7.8epss 0.00
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android…
- risk 0.44cvss 7.8epss 0.01
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal…
- risk 0.44cvss 7.8epss 0.01
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug…
- risk 0.44cvss 7.8epss 0.00
The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and…
- risk 0.44cvss 7.8epss 0.01
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified…
- risk 0.44cvss 7.8epss 0.01
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.
Page 8 of 29