Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-31576 (GCVE-0-2026-31576)
Vulnerability from cvelistv5 – Published: 2026-04-24 14:42 – Updated: 2026-04-27 13:56
VLAI?
EPSS
Title
media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
In hackrf driver, the following race condition occurs:
```
CPU0 CPU1
hackrf_probe()
kzalloc(); // alloc hackrf_dev
....
v4l2_device_register();
....
fd = sys_open("/path/to/dev"); // open hackrf fd
....
v4l2_device_unregister();
....
kfree(); // free hackrf_dev
....
sys_ioctl(fd, ...);
v4l2_ioctl();
video_is_registered() // UAF!!
....
sys_close(fd);
v4l2_release() // UAF!!
hackrf_video_release()
kfree(); // DFB!!
```
When a V4L2 or video device is unregistered, the device node is removed so
new open() calls are blocked.
However, file descriptors that are already open-and any in-flight I/O-do
not terminate immediately; they remain valid until the last reference is
dropped and the driver's release() is invoked.
Therefore, freeing device memory on the error path after hackrf_probe()
has registered dev it will lead to a race to use-after-free vuln, since
those already-open handles haven't been released yet.
And since release() free memory too, race to use-after-free and
double-free vuln occur.
To prevent this, if device is registered from probe(), it should be
modified to free memory only through release() rather than calling
kfree() directly.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < 45cbaf5c7cdc5386d86377f0daf94a17a007fed0
(git)
Affected: 8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < 98a0a81ce78020c2522e0046f49d200de9778cb9 (git) Affected: 8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < 07e9e674b6146b1f6fc41b1f54b8968bf2802824 (git) Affected: 8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < 2145c71a8044362e82e9923f001ba2aeb771b848 (git) Affected: 8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < fcd1d70792a35c8a97414fe429f48311e41269c2 (git) Affected: 8bc4a9ed85046c214458c9e82aea75d2f46cfffd , < 3b7da2b4d0fe014eff181ed37e3bf832eb8ed258 (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/hackrf/hackrf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "45cbaf5c7cdc5386d86377f0daf94a17a007fed0",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
},
{
"lessThan": "98a0a81ce78020c2522e0046f49d200de9778cb9",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
},
{
"lessThan": "07e9e674b6146b1f6fc41b1f54b8968bf2802824",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
},
{
"lessThan": "2145c71a8044362e82e9923f001ba2aeb771b848",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
},
{
"lessThan": "fcd1d70792a35c8a97414fe429f48311e41269c2",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
},
{
"lessThan": "3b7da2b4d0fe014eff181ed37e3bf832eb8ed258",
"status": "affected",
"version": "8bc4a9ed85046c214458c9e82aea75d2f46cfffd",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/media/usb/hackrf/hackrf.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.4"
},
{
"lessThan": "4.4",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.136",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.83",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.24",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.14",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.136",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.83",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.24",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.14",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.1",
"versionStartIncluding": "4.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1-rc1",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\n\nIn hackrf driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nhackrf_probe()\n kzalloc(); // alloc hackrf_dev\n ....\n v4l2_device_register();\n ....\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open hackrf fd\n\t\t\t\t\t\t....\n v4l2_device_unregister();\n ....\n kfree(); // free hackrf_dev\n ....\n\t\t\t\t\t\tsys_ioctl(fd, ...);\n\t\t\t\t\t\t v4l2_ioctl();\n\t\t\t\t\t\t video_is_registered() // UAF!!\n\t\t\t\t\t\t....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t v4l2_release() // UAF!!\n\t\t\t\t\t\t hackrf_video_release()\n\t\t\t\t\t\t kfree(); // DFB!!\n```\n\nWhen a V4L2 or video device is unregistered, the device node is removed so\nnew open() calls are blocked.\n\nHowever, file descriptors that are already open-and any in-flight I/O-do\nnot terminate immediately; they remain valid until the last reference is\ndropped and the driver\u0027s release() is invoked.\n\nTherefore, freeing device memory on the error path after hackrf_probe()\nhas registered dev it will lead to a race to use-after-free vuln, since\nthose already-open handles haven\u0027t been released yet.\n\nAnd since release() free memory too, race to use-after-free and\ndouble-free vuln occur.\n\nTo prevent this, if device is registered from probe(), it should be\nmodified to free memory only through release() rather than calling\nkfree() directly."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-27T13:56:23.791Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0"
},
{
"url": "https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9"
},
{
"url": "https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824"
},
{
"url": "https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848"
},
{
"url": "https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2"
},
{
"url": "https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258"
}
],
"title": "media: hackrf: fix to not free memory after the device is registered in hackrf_probe()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-31576",
"datePublished": "2026-04-24T14:42:08.188Z",
"dateReserved": "2026-03-09T15:48:24.119Z",
"dateUpdated": "2026-04-27T13:56:23.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31576",
"date": "2026-05-07",
"epss": "0.00013",
"percentile": "0.0241"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31576\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-04-24T15:16:32.230\",\"lastModified\":\"2026-04-27T20:40:20.953\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\\n\\nIn hackrf driver, the following race condition occurs:\\n```\\n\\t\\tCPU0\\t\\t\\t\\t\\t\\tCPU1\\nhackrf_probe()\\n kzalloc(); // alloc hackrf_dev\\n ....\\n v4l2_device_register();\\n ....\\n\\t\\t\\t\\t\\t\\tfd = sys_open(\\\"/path/to/dev\\\"); // open hackrf fd\\n\\t\\t\\t\\t\\t\\t....\\n v4l2_device_unregister();\\n ....\\n kfree(); // free hackrf_dev\\n ....\\n\\t\\t\\t\\t\\t\\tsys_ioctl(fd, ...);\\n\\t\\t\\t\\t\\t\\t v4l2_ioctl();\\n\\t\\t\\t\\t\\t\\t video_is_registered() // UAF!!\\n\\t\\t\\t\\t\\t\\t....\\n\\t\\t\\t\\t\\t\\tsys_close(fd);\\n\\t\\t\\t\\t\\t\\t v4l2_release() // UAF!!\\n\\t\\t\\t\\t\\t\\t hackrf_video_release()\\n\\t\\t\\t\\t\\t\\t kfree(); // DFB!!\\n```\\n\\nWhen a V4L2 or video device is unregistered, the device node is removed so\\nnew open() calls are blocked.\\n\\nHowever, file descriptors that are already open-and any in-flight I/O-do\\nnot terminate immediately; they remain valid until the last reference is\\ndropped and the driver\u0027s release() is invoked.\\n\\nTherefore, freeing device memory on the error path after hackrf_probe()\\nhas registered dev it will lead to a race to use-after-free vuln, since\\nthose already-open handles haven\u0027t been released yet.\\n\\nAnd since release() free memory too, race to use-after-free and\\ndouble-free vuln occur.\\n\\nTo prevent this, if device is registered from probe(), it should be\\nmodified to free memory only through release() rather than calling\\nkfree() directly.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.6.136\",\"matchCriteriaId\":\"14109CEF-714B-4029-A318-97AA58A01833\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.83\",\"matchCriteriaId\":\"7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.24\",\"matchCriteriaId\":\"8126B8B8-6D0B-4443-86C1-672AEE893555\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.14\",\"matchCriteriaId\":\"D6A8A074-BBF4-4803-ABED-519A839435BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"7.0.1\",\"matchCriteriaId\":\"9B5888AB-7403-4335-89E4-21CC0B48366A\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
MSRC_CVE-2026-31576
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-04-30 01:43Summary
media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
None Available
There is no fix available for this vulnerability as of now
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-31576.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "media: hackrf: fix to not free memory after the device is registered in hackrf_probe()",
"tracking": {
"current_release_date": "2026-04-30T01:43:12.000Z",
"generator": {
"date": "2026-04-30T08:42:48.174Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-31576",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-26T01:08:41.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-27T14:37:47.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-04-29T01:03:18.000Z",
"legacy_version": "2",
"number": "3",
"summary": "Information published."
},
{
"date": "2026-04-29T01:46:28.000Z",
"legacy_version": "3",
"number": "4",
"summary": "Information published."
},
{
"date": "2026-04-29T14:43:21.000Z",
"legacy_version": "4",
"number": "5",
"summary": "Information published."
},
{
"date": "2026-04-30T01:43:12.000Z",
"legacy_version": "5",
"number": "6",
"summary": "Information published."
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kernel 0:6.6.130.1-3.azl3",
"product": {
"name": "azl3 kernel 0:6.6.130.1-3.azl3",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "kernel"
},
{
"category": "product_name",
"name": "cbl2 kernel 0:5.15.202.1-1.cbl2",
"product": {
"name": "cbl2 kernel 0:5.15.202.1-1.cbl2",
"product_id": "3"
}
},
{
"category": "product_name",
"name": "azl3 kernel 0:6.6.134.1-2.azl3",
"product": {
"name": "azl3 kernel 0:6.6.134.1-2.azl3",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kernel 0:5.15.202.1-1.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 0:6.6.130.1-3.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 0:6.6.134.1-2.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31576",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17086-3",
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-2"
],
"known_not_affected": [
"17086-3",
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-31576.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-26T01:08:41.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-2"
]
}
],
"title": "media: hackrf: fix to not free memory after the device is registered in hackrf_probe()"
}
]
}
FKIE_CVE-2026-31576
Vulnerability from fkie_nvd - Published: 2026-04-24 15:16 - Updated: 2026-04-27 20:40
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
In hackrf driver, the following race condition occurs:
```
CPU0 CPU1
hackrf_probe()
kzalloc(); // alloc hackrf_dev
....
v4l2_device_register();
....
fd = sys_open("/path/to/dev"); // open hackrf fd
....
v4l2_device_unregister();
....
kfree(); // free hackrf_dev
....
sys_ioctl(fd, ...);
v4l2_ioctl();
video_is_registered() // UAF!!
....
sys_close(fd);
v4l2_release() // UAF!!
hackrf_video_release()
kfree(); // DFB!!
```
When a V4L2 or video device is unregistered, the device node is removed so
new open() calls are blocked.
However, file descriptors that are already open-and any in-flight I/O-do
not terminate immediately; they remain valid until the last reference is
dropped and the driver's release() is invoked.
Therefore, freeing device memory on the error path after hackrf_probe()
has registered dev it will lead to a race to use-after-free vuln, since
those already-open handles haven't been released yet.
And since release() free memory too, race to use-after-free and
double-free vuln occur.
To prevent this, if device is registered from probe(), it should be
modified to free memory only through release() rather than calling
kfree() directly.
References
| URL | Tags | ||
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "14109CEF-714B-4029-A318-97AA58A01833",
"versionEndExcluding": "6.6.136",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7F0AE5B5-23AC-4DCC-B37A-51CA1DAE7BA8",
"versionEndExcluding": "6.12.83",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8126B8B8-6D0B-4443-86C1-672AEE893555",
"versionEndExcluding": "6.18.24",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A8A074-BBF4-4803-ABED-519A839435BB",
"versionEndExcluding": "6.19.14",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9B5888AB-7403-4335-89E4-21CC0B48366A",
"versionEndExcluding": "7.0.1",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\n\nIn hackrf driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nhackrf_probe()\n kzalloc(); // alloc hackrf_dev\n ....\n v4l2_device_register();\n ....\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open hackrf fd\n\t\t\t\t\t\t....\n v4l2_device_unregister();\n ....\n kfree(); // free hackrf_dev\n ....\n\t\t\t\t\t\tsys_ioctl(fd, ...);\n\t\t\t\t\t\t v4l2_ioctl();\n\t\t\t\t\t\t video_is_registered() // UAF!!\n\t\t\t\t\t\t....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t v4l2_release() // UAF!!\n\t\t\t\t\t\t hackrf_video_release()\n\t\t\t\t\t\t kfree(); // DFB!!\n```\n\nWhen a V4L2 or video device is unregistered, the device node is removed so\nnew open() calls are blocked.\n\nHowever, file descriptors that are already open-and any in-flight I/O-do\nnot terminate immediately; they remain valid until the last reference is\ndropped and the driver\u0027s release() is invoked.\n\nTherefore, freeing device memory on the error path after hackrf_probe()\nhas registered dev it will lead to a race to use-after-free vuln, since\nthose already-open handles haven\u0027t been released yet.\n\nAnd since release() free memory too, race to use-after-free and\ndouble-free vuln occur.\n\nTo prevent this, if device is registered from probe(), it should be\nmodified to free memory only through release() rather than calling\nkfree() directly."
}
],
"id": "CVE-2026-31576",
"lastModified": "2026-04-27T20:40:20.953",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-04-24T15:16:32.230",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2026-AVI-0548
Vulnerability from certfr_avis - Published: 2026-05-07 - Updated: 2026-05-07
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 6.12.85-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
},
{
"description": "Debian trixie versions ant\u00e9rieures \u00e0 version 6.1.170-1",
"product": {
"name": "Debian",
"vendor": {
"name": "Debian",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-31559",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31559"
},
{
"name": "CVE-2026-31623",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31623"
},
{
"name": "CVE-2026-31483",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31483"
},
{
"name": "CVE-2026-31409",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31409"
},
{
"name": "CVE-2026-31522",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31522"
},
{
"name": "CVE-2026-31770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31770"
},
{
"name": "CVE-2026-23447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23447"
},
{
"name": "CVE-2026-31582",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31582"
},
{
"name": "CVE-2026-23387",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23387"
},
{
"name": "CVE-2026-31619",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31619"
},
{
"name": "CVE-2026-31658",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31658"
},
{
"name": "CVE-2026-31618",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31618"
},
{
"name": "CVE-2025-21682",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21682"
},
{
"name": "CVE-2026-31756",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31756"
},
{
"name": "CVE-2026-31467",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31467"
},
{
"name": "CVE-2026-23318",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23318"
},
{
"name": "CVE-2026-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23368"
},
{
"name": "CVE-2026-31485",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31485"
},
{
"name": "CVE-2026-23475",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23475"
},
{
"name": "CVE-2026-31578",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31578"
},
{
"name": "CVE-2025-40147",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40147"
},
{
"name": "CVE-2026-31754",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31754"
},
{
"name": "CVE-2026-31402",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31402"
},
{
"name": "CVE-2025-40219",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40219"
},
{
"name": "CVE-2026-23426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23426"
},
{
"name": "CVE-2026-31758",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31758"
},
{
"name": "CVE-2025-68736",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68736"
},
{
"name": "CVE-2025-71265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71265"
},
{
"name": "CVE-2026-23450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23450"
},
{
"name": "CVE-2026-23281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
},
{
"name": "CVE-2026-31530",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31530"
},
{
"name": "CVE-2025-71221",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71221"
},
{
"name": "CVE-2026-31685",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31685"
},
{
"name": "CVE-2026-31416",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31416"
},
{
"name": "CVE-2026-31656",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31656"
},
{
"name": "CVE-2025-39764",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39764"
},
{
"name": "CVE-2026-31453",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31453"
},
{
"name": "CVE-2026-23004",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23004"
},
{
"name": "CVE-2026-31593",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31593"
},
{
"name": "CVE-2026-23438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23438"
},
{
"name": "CVE-2026-23293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
},
{
"name": "CVE-2026-23463",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23463"
},
{
"name": "CVE-2026-23227",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23227"
},
{
"name": "CVE-2026-23454",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23454"
},
{
"name": "CVE-2026-31405",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31405"
},
{
"name": "CVE-2026-43054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43054"
},
{
"name": "CVE-2026-23465",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23465"
},
{
"name": "CVE-2026-31664",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31664"
},
{
"name": "CVE-2026-31542",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31542"
},
{
"name": "CVE-2026-31473",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31473"
},
{
"name": "CVE-2026-23297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23297"
},
{
"name": "CVE-2026-31556",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31556"
},
{
"name": "CVE-2026-31528",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31528"
},
{
"name": "CVE-2026-31448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31448"
},
{
"name": "CVE-2026-31597",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31597"
},
{
"name": "CVE-2025-21709",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21709"
},
{
"name": "CVE-2026-22981",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22981"
},
{
"name": "CVE-2026-31550",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31550"
},
{
"name": "CVE-2026-31487",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31487"
},
{
"name": "CVE-2026-23290",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23290"
},
{
"name": "CVE-2026-31549",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31549"
},
{
"name": "CVE-2026-31752",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31752"
},
{
"name": "CVE-2025-40016",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40016"
},
{
"name": "CVE-2026-31787",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31787"
},
{
"name": "CVE-2025-38626",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38626"
},
{
"name": "CVE-2026-23303",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23303"
},
{
"name": "CVE-2026-43011",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43011"
},
{
"name": "CVE-2025-68175",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68175"
},
{
"name": "CVE-2026-31396",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31396"
},
{
"name": "CVE-2026-23461",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23461"
},
{
"name": "CVE-2026-31680",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31680"
},
{
"name": "CVE-2026-31586",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31586"
},
{
"name": "CVE-2026-23340",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23340"
},
{
"name": "CVE-2026-43046",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43046"
},
{
"name": "CVE-2025-68334",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68334"
},
{
"name": "CVE-2026-31738",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31738"
},
{
"name": "CVE-2026-23441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23441"
},
{
"name": "CVE-2026-23210",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23210"
},
{
"name": "CVE-2025-40005",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40005"
},
{
"name": "CVE-2026-31751",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31751"
},
{
"name": "CVE-2026-23380",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23380"
},
{
"name": "CVE-2026-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23383"
},
{
"name": "CVE-2026-31462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31462"
},
{
"name": "CVE-2026-23412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23412"
},
{
"name": "CVE-2026-23439",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23439"
},
{
"name": "CVE-2026-23253",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23253"
},
{
"name": "CVE-2026-43025",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43025"
},
{
"name": "CVE-2026-31581",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31581"
},
{
"name": "CVE-2026-31721",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31721"
},
{
"name": "CVE-2026-31617",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31617"
},
{
"name": "CVE-2026-23271",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23271"
},
{
"name": "CVE-2025-68265",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68265"
},
{
"name": "CVE-2026-23434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23434"
},
{
"name": "CVE-2026-31655",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31655"
},
{
"name": "CVE-2026-31611",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31611"
},
{
"name": "CVE-2026-31502",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31502"
},
{
"name": "CVE-2026-31531",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31531"
},
{
"name": "CVE-2026-43018",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43018"
},
{
"name": "CVE-2026-43014",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43014"
},
{
"name": "CVE-2026-31447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31447"
},
{
"name": "CVE-2025-22116",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22116"
},
{
"name": "CVE-2026-23226",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23226"
},
{
"name": "CVE-2026-23285",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23285"
},
{
"name": "CVE-2026-31431",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31431"
},
{
"name": "CVE-2026-31645",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31645"
},
{
"name": "CVE-2026-23470",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23470"
},
{
"name": "CVE-2026-31599",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31599"
},
{
"name": "CVE-2026-43028",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43028"
},
{
"name": "CVE-2026-31511",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31511"
},
{
"name": "CVE-2026-31614",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31614"
},
{
"name": "CVE-2026-23422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23422"
},
{
"name": "CVE-2026-31482",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31482"
},
{
"name": "CVE-2026-31548",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31548"
},
{
"name": "CVE-2026-23304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
},
{
"name": "CVE-2026-31683",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31683"
},
{
"name": "CVE-2026-23357",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23357"
},
{
"name": "CVE-2026-31408",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31408"
},
{
"name": "CVE-2025-38105",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38105"
},
{
"name": "CVE-2026-31524",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31524"
},
{
"name": "CVE-2026-31505",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31505"
},
{
"name": "CVE-2026-31668",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31668"
},
{
"name": "CVE-2026-23250",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23250"
},
{
"name": "CVE-2026-23066",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23066"
},
{
"name": "CVE-2026-31478",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31478"
},
{
"name": "CVE-2026-31546",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31546"
},
{
"name": "CVE-2025-38426",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38426"
},
{
"name": "CVE-2025-38436",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38436"
},
{
"name": "CVE-2026-31583",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31583"
},
{
"name": "CVE-2025-22117",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22117"
},
{
"name": "CVE-2026-31605",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31605"
},
{
"name": "CVE-2026-23324",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23324"
},
{
"name": "CVE-2026-23347",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23347"
},
{
"name": "CVE-2026-23373",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23373"
},
{
"name": "CVE-2026-31516",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31516"
},
{
"name": "CVE-2024-50298",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50298"
},
{
"name": "CVE-2026-23317",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
},
{
"name": "CVE-2026-43047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43047"
},
{
"name": "CVE-2026-31389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31389"
},
{
"name": "CVE-2026-31394",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31394"
},
{
"name": "CVE-2026-31786",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31786"
},
{
"name": "CVE-2026-31545",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31545"
},
{
"name": "CVE-2026-31681",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31681"
},
{
"name": "CVE-2026-31598",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31598"
},
{
"name": "CVE-2026-23456",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23456"
},
{
"name": "CVE-2026-43033",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43033"
},
{
"name": "CVE-2026-43023",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43023"
},
{
"name": "CVE-2026-23287",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23287"
},
{
"name": "CVE-2026-31510",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31510"
},
{
"name": "CVE-2026-31622",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31622"
},
{
"name": "CVE-2026-23457",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23457"
},
{
"name": "CVE-2026-31595",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31595"
},
{
"name": "CVE-2026-31496",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31496"
},
{
"name": "CVE-2026-31642",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31642"
},
{
"name": "CVE-2026-23399",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23399"
},
{
"name": "CVE-2026-23334",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23334"
},
{
"name": "CVE-2025-40242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40242"
},
{
"name": "CVE-2026-31659",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31659"
},
{
"name": "CVE-2026-23401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23401"
},
{
"name": "CVE-2025-71239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71239"
},
{
"name": "CVE-2026-23207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
},
{
"name": "CVE-2026-43057",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43057"
},
{
"name": "CVE-2026-43030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43030"
},
{
"name": "CVE-2026-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23138"
},
{
"name": "CVE-2025-38250",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38250"
},
{
"name": "CVE-2026-31525",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31525"
},
{
"name": "CVE-2026-31638",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31638"
},
{
"name": "CVE-2026-31588",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31588"
},
{
"name": "CVE-2026-23391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23391"
},
{
"name": "CVE-2026-31415",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31415"
},
{
"name": "CVE-2026-31647",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31647"
},
{
"name": "CVE-2024-47809",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47809"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23462",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23462"
},
{
"name": "CVE-2026-31563",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31563"
},
{
"name": "CVE-2026-23273",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23273"
},
{
"name": "CVE-2026-23372",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23372"
},
{
"name": "CVE-2026-31693",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31693"
},
{
"name": "CVE-2026-31689",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31689"
},
{
"name": "CVE-2026-23319",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23319"
},
{
"name": "CVE-2024-56719",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56719"
},
{
"name": "CVE-2026-31566",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31566"
},
{
"name": "CVE-2026-31494",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31494"
},
{
"name": "CVE-2026-31565",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31565"
},
{
"name": "CVE-2026-23270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23270"
},
{
"name": "CVE-2026-31763",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31763"
},
{
"name": "CVE-2026-23279",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23279"
},
{
"name": "CVE-2026-23466",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23466"
},
{
"name": "CVE-2026-31616",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31616"
},
{
"name": "CVE-2026-31670",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31670"
},
{
"name": "CVE-2026-23240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23240"
},
{
"name": "CVE-2026-23244",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23244"
},
{
"name": "CVE-2026-23246",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23246"
},
{
"name": "CVE-2026-31422",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31422"
},
{
"name": "CVE-2026-23286",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23286"
},
{
"name": "CVE-2026-23359",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23359"
},
{
"name": "CVE-2026-31533",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31533"
},
{
"name": "CVE-2026-23298",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23298"
},
{
"name": "CVE-2026-31469",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31469"
},
{
"name": "CVE-2026-31498",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31498"
},
{
"name": "CVE-2026-31615",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31615"
},
{
"name": "CVE-2026-31520",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31520"
},
{
"name": "CVE-2026-31449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31449"
},
{
"name": "CVE-2026-31418",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31418"
},
{
"name": "CVE-2026-23296",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23296"
},
{
"name": "CVE-2026-31427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31427"
},
{
"name": "CVE-2026-31555",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31555"
},
{
"name": "CVE-2026-31594",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31594"
},
{
"name": "CVE-2026-31392",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31392"
},
{
"name": "CVE-2026-23360",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23360"
},
{
"name": "CVE-2025-40150",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40150"
},
{
"name": "CVE-2026-31580",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31580"
},
{
"name": "CVE-2026-31515",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31515"
},
{
"name": "CVE-2026-31661",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31661"
},
{
"name": "CVE-2026-31737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31737"
},
{
"name": "CVE-2025-38627",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38627"
},
{
"name": "CVE-2026-31606",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31606"
},
{
"name": "CVE-2026-43017",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43017"
},
{
"name": "CVE-2024-14027",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-14027"
},
{
"name": "CVE-2025-71267",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71267"
},
{
"name": "CVE-2026-43043",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43043"
},
{
"name": "CVE-2025-37945",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37945"
},
{
"name": "CVE-2026-23308",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23308"
},
{
"name": "CVE-2026-31684",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31684"
},
{
"name": "CVE-2026-23396",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23396"
},
{
"name": "CVE-2026-31423",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31423"
},
{
"name": "CVE-2026-31625",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31625"
},
{
"name": "CVE-2026-43051",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43051"
},
{
"name": "CVE-2026-31759",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31759"
},
{
"name": "CVE-2026-31432",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31432"
},
{
"name": "CVE-2026-23370",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23370"
},
{
"name": "CVE-2025-38303",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38303"
},
{
"name": "CVE-2026-23302",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23302"
},
{
"name": "CVE-2026-23414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23414"
},
{
"name": "CVE-2026-31781",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31781"
},
{
"name": "CVE-2026-23315",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23315"
},
{
"name": "CVE-2026-31523",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31523"
},
{
"name": "CVE-2026-31669",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31669"
},
{
"name": "CVE-2026-31450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31450"
},
{
"name": "CVE-2026-31671",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31671"
},
{
"name": "CVE-2026-31749",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31749"
},
{
"name": "CVE-2026-43024",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43024"
},
{
"name": "CVE-2026-23239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23239"
},
{
"name": "CVE-2026-23352",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23352"
},
{
"name": "CVE-2026-31720",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31720"
},
{
"name": "CVE-2026-31554",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31554"
},
{
"name": "CVE-2026-31748",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31748"
},
{
"name": "CVE-2026-23367",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23367"
},
{
"name": "CVE-2026-31628",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31628"
},
{
"name": "CVE-2026-23427",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23427"
},
{
"name": "CVE-2026-31662",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31662"
},
{
"name": "CVE-2025-71067",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71067"
},
{
"name": "CVE-2026-31768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31768"
},
{
"name": "CVE-2026-43026",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43026"
},
{
"name": "CVE-2026-31480",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31480"
},
{
"name": "CVE-2026-23255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23255"
},
{
"name": "CVE-2026-23446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23446"
},
{
"name": "CVE-2026-23417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23417"
},
{
"name": "CVE-2026-43035",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43035"
},
{
"name": "CVE-2026-31561",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31561"
},
{
"name": "CVE-2026-31627",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31627"
},
{
"name": "CVE-2025-71269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71269"
},
{
"name": "CVE-2026-31429",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31429"
},
{
"name": "CVE-2026-31665",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31665"
},
{
"name": "CVE-2025-40358",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40358"
},
{
"name": "CVE-2026-23300",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23300"
},
{
"name": "CVE-2026-23444",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23444"
},
{
"name": "CVE-2026-31391",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31391"
},
{
"name": "CVE-2026-31406",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31406"
},
{
"name": "CVE-2026-31672",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31672"
},
{
"name": "CVE-2026-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31401"
},
{
"name": "CVE-2026-31780",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31780"
},
{
"name": "CVE-2026-23243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
},
{
"name": "CVE-2026-31479",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31479"
},
{
"name": "CVE-2023-53510",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53510"
},
{
"name": "CVE-2026-31675",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31675"
},
{
"name": "CVE-2026-31521",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31521"
},
{
"name": "CVE-2026-23363",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23363"
},
{
"name": "CVE-2026-31626",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31626"
},
{
"name": "CVE-2026-23445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23445"
},
{
"name": "CVE-2026-31634",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31634"
},
{
"name": "CVE-2026-31610",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31610"
},
{
"name": "CVE-2024-47736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47736"
},
{
"name": "CVE-2026-31412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31412"
},
{
"name": "CVE-2026-43032",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43032"
},
{
"name": "CVE-2026-23362",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23362"
},
{
"name": "CVE-2026-23379",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
},
{
"name": "CVE-2026-31648",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31648"
},
{
"name": "CVE-2026-31421",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31421"
},
{
"name": "CVE-2026-31677",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31677"
},
{
"name": "CVE-2023-53545",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53545"
},
{
"name": "CVE-2026-23381",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
},
{
"name": "CVE-2026-31518",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31518"
},
{
"name": "CVE-2026-31470",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31470"
},
{
"name": "CVE-2026-31686",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31686"
},
{
"name": "CVE-2026-31660",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31660"
},
{
"name": "CVE-2026-23392",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23392"
},
{
"name": "CVE-2026-23245",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23245"
},
{
"name": "CVE-2026-31728",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31728"
},
{
"name": "CVE-2024-49998",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49998"
},
{
"name": "CVE-2026-31403",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31403"
},
{
"name": "CVE-2026-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31400"
},
{
"name": "CVE-2026-31512",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31512"
},
{
"name": "CVE-2026-23330",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23330"
},
{
"name": "CVE-2026-31726",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31726"
},
{
"name": "CVE-2026-31504",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31504"
},
{
"name": "CVE-2026-31773",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31773"
},
{
"name": "CVE-2026-23364",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23364"
},
{
"name": "CVE-2026-31607",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31607"
},
{
"name": "CVE-2026-23242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
},
{
"name": "CVE-2026-43015",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43015"
},
{
"name": "CVE-2026-31509",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31509"
},
{
"name": "CVE-2026-31679",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31679"
},
{
"name": "CVE-2025-40135",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40135"
},
{
"name": "CVE-2026-31637",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31637"
},
{
"name": "CVE-2026-31779",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31779"
},
{
"name": "CVE-2026-31612",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31612"
},
{
"name": "CVE-2026-23428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23428"
},
{
"name": "CVE-2026-23274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
},
{
"name": "CVE-2026-31590",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31590"
},
{
"name": "CVE-2026-22993",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22993"
},
{
"name": "CVE-2026-23361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23361"
},
{
"name": "CVE-2025-38192",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38192"
},
{
"name": "CVE-2026-43020",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43020"
},
{
"name": "CVE-2026-31417",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31417"
},
{
"name": "CVE-2026-43041",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43041"
},
{
"name": "CVE-2026-31761",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31761"
},
{
"name": "CVE-2026-31466",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31466"
},
{
"name": "CVE-2026-31527",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31527"
},
{
"name": "CVE-2026-31604",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31604"
},
{
"name": "CVE-2026-23448",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23448"
},
{
"name": "CVE-2026-22985",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22985"
},
{
"name": "CVE-2025-71152",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71152"
},
{
"name": "CVE-2026-31414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31414"
},
{
"name": "CVE-2026-31584",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31584"
},
{
"name": "CVE-2026-31778",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31778"
},
{
"name": "CVE-2025-38704",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38704"
},
{
"name": "CVE-2026-31557",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31557"
},
{
"name": "CVE-2026-31426",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31426"
},
{
"name": "CVE-2026-23354",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23354"
},
{
"name": "CVE-2026-23325",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23325"
},
{
"name": "CVE-2025-21676",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-21676"
},
{
"name": "CVE-2026-43040",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43040"
},
{
"name": "CVE-2026-23440",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23440"
},
{
"name": "CVE-2026-31552",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31552"
},
{
"name": "CVE-2026-23284",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23284"
},
{
"name": "CVE-2026-31488",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31488"
},
{
"name": "CVE-2026-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23278"
},
{
"name": "CVE-2026-31532",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31532"
},
{
"name": "CVE-2026-23397",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23397"
},
{
"name": "CVE-2026-23452",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23452"
},
{
"name": "CVE-2026-23474",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23474"
},
{
"name": "CVE-2026-31434",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31434"
},
{
"name": "CVE-2026-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23343"
},
{
"name": "CVE-2026-31430",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31430"
},
{
"name": "CVE-2026-23336",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23336"
},
{
"name": "CVE-2026-31497",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31497"
},
{
"name": "CVE-2026-31682",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31682"
},
{
"name": "CVE-2026-31570",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31570"
},
{
"name": "CVE-2026-23289",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23289"
},
{
"name": "CVE-2026-31755",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31755"
},
{
"name": "CVE-2026-23292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23292"
},
{
"name": "CVE-2026-23141",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23141"
},
{
"name": "CVE-2026-31451",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31451"
},
{
"name": "CVE-2026-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
},
{
"name": "CVE-2026-31399",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31399"
},
{
"name": "CVE-2026-22986",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22986"
},
{
"name": "CVE-2026-31489",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31489"
},
{
"name": "CVE-2026-31441",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31441"
},
{
"name": "CVE-2026-23455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23455"
},
{
"name": "CVE-2026-23316",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23316"
},
{
"name": "CVE-2026-23251",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23251"
},
{
"name": "CVE-2026-23335",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23335"
},
{
"name": "CVE-2026-31551",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31551"
},
{
"name": "CVE-2026-31495",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31495"
},
{
"name": "CVE-2026-23252",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23252"
},
{
"name": "CVE-2026-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23369"
},
{
"name": "CVE-2026-31507",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31507"
},
{
"name": "CVE-2026-23389",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23389"
},
{
"name": "CVE-2026-31762",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31762"
},
{
"name": "CVE-2026-31788",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31788"
},
{
"name": "CVE-2026-31411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31411"
},
{
"name": "CVE-2026-31428",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31428"
},
{
"name": "CVE-2026-23420",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23420"
},
{
"name": "CVE-2026-23388",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23388"
},
{
"name": "CVE-2025-39748",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39748"
},
{
"name": "CVE-2026-23449",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23449"
},
{
"name": "CVE-2025-39863",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39863"
},
{
"name": "CVE-2025-71266",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71266"
},
{
"name": "CVE-2026-31492",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31492"
},
{
"name": "CVE-2026-43037",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43037"
},
{
"name": "CVE-2026-23070",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23070"
},
{
"name": "CVE-2026-31596",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31596"
},
{
"name": "CVE-2026-31666",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31666"
},
{
"name": "CVE-2026-31676",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31676"
},
{
"name": "CVE-2026-23442",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23442"
},
{
"name": "CVE-2026-31476",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31476"
},
{
"name": "CVE-2026-31603",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31603"
},
{
"name": "CVE-2026-23104",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23104"
},
{
"name": "CVE-2026-23393",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23393"
},
{
"name": "CVE-2026-23458",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23458"
},
{
"name": "CVE-2026-23313",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23313"
},
{
"name": "CVE-2026-31649",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31649"
},
{
"name": "CVE-2026-31674",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31674"
},
{
"name": "CVE-2026-31393",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31393"
},
{
"name": "CVE-2026-23310",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23310"
},
{
"name": "CVE-2026-31577",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31577"
},
{
"name": "CVE-2026-43027",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43027"
},
{
"name": "CVE-2025-68206",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68206"
},
{
"name": "CVE-2026-31576",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31576"
},
{
"name": "CVE-2026-31506",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31506"
},
{
"name": "CVE-2026-23339",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23339"
},
{
"name": "CVE-2026-31433",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31433"
},
{
"name": "CVE-2026-31458",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31458"
},
{
"name": "CVE-2026-31776",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31776"
},
{
"name": "CVE-2026-31575",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31575"
},
{
"name": "CVE-2026-23321",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23321"
},
{
"name": "CVE-2026-23460",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23460"
},
{
"name": "CVE-2026-31678",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31678"
},
{
"name": "CVE-2026-31587",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31587"
},
{
"name": "CVE-2025-71161",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71161"
},
{
"name": "CVE-2026-31540",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31540"
},
{
"name": "CVE-2026-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
},
{
"name": "CVE-2026-31651",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31651"
},
{
"name": "CVE-2023-53228",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-53228"
},
{
"name": "CVE-2026-23100",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23100"
},
{
"name": "CVE-2026-31503",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31503"
},
{
"name": "CVE-2026-31657",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31657"
},
{
"name": "CVE-2026-31747",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31747"
},
{
"name": "CVE-2026-31455",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31455"
},
{
"name": "CVE-2026-31624",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31624"
},
{
"name": "CVE-2026-23306",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23306"
},
{
"name": "CVE-2026-31585",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31585"
},
{
"name": "CVE-2026-31474",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31474"
},
{
"name": "CVE-2026-23374",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23374"
},
{
"name": "CVE-2026-23378",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23378"
},
{
"name": "CVE-2026-31646",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31646"
},
{
"name": "CVE-2026-31519",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31519"
},
{
"name": "CVE-2026-23464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23464"
},
{
"name": "CVE-2026-31439",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31439"
},
{
"name": "CVE-2026-23291",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23291"
},
{
"name": "CVE-2026-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23413"
},
{
"name": "CVE-2026-31436",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31436"
},
{
"name": "CVE-2025-68239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68239"
},
{
"name": "CVE-2026-23382",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23382"
},
{
"name": "CVE-2026-31410",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31410"
},
{
"name": "CVE-2026-31446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31446"
},
{
"name": "CVE-2026-31644",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31644"
},
{
"name": "CVE-2026-23113",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23113"
},
{
"name": "CVE-2026-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23157"
},
{
"name": "CVE-2026-31464",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31464"
},
{
"name": "CVE-2026-31500",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31500"
},
{
"name": "CVE-2026-31695",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31695"
},
{
"name": "CVE-2025-37980",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-37980"
},
{
"name": "CVE-2026-23231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
},
{
"name": "CVE-2025-40261",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40261"
},
{
"name": "CVE-2026-31558",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31558"
},
{
"name": "CVE-2026-23312",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23312"
},
{
"name": "CVE-2026-31639",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31639"
},
{
"name": "CVE-2026-31508",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31508"
},
{
"name": "CVE-2026-23365",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23365"
},
{
"name": "CVE-2026-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23419"
},
{
"name": "CVE-2026-31424",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31424"
},
{
"name": "CVE-2026-23375",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23375"
},
{
"name": "CVE-2026-23356",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23356"
},
{
"name": "CVE-2026-23307",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23307"
},
{
"name": "CVE-2025-38162",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38162"
},
{
"name": "CVE-2026-31477",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31477"
},
{
"name": "CVE-2026-23249",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23249"
},
{
"name": "CVE-2026-43038",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43038"
},
{
"name": "CVE-2026-43013",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43013"
},
{
"name": "CVE-2026-31454",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31454"
},
{
"name": "CVE-2025-38659",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38659"
},
{
"name": "CVE-2026-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23386"
},
{
"name": "CVE-2026-31452",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31452"
},
{
"name": "CVE-2026-31407",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31407"
},
{
"name": "CVE-2026-23398",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
},
{
"name": "CVE-2026-31602",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31602"
},
{
"name": "CVE-2026-31425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31425"
},
{
"name": "CVE-2026-31440",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31440"
},
{
"name": "CVE-2026-23276",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23276"
},
{
"name": "CVE-2026-31629",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31629"
},
{
"name": "CVE-2026-23351",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23351"
},
{
"name": "CVE-2026-43050",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-43050"
},
{
"name": "CVE-2026-31438",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31438"
},
{
"name": "CVE-2026-23154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23154"
},
{
"name": "CVE-2026-31673",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31673"
},
{
"name": "CVE-2026-31667",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31667"
}
],
"initial_release_date": "2026-05-07T00:00:00",
"last_revision_date": "2026-05-07T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0548",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-05-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de Debian. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de Debian",
"vendor_advisories": [
{
"published_at": "2026-05-01",
"title": "Bulletin de s\u00e9curit\u00e9 Debian msg00154",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00154.html"
},
{
"published_at": "2026-04-30",
"title": "Bulletin de s\u00e9curit\u00e9 Debian msg00148",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00148.html"
}
]
}
OPENSUSE-SU-2026:10703-1
Vulnerability from csaf_opensuse - Published: 2026-05-06 00:00 - Updated: 2026-05-06 00:00Summary
kernel-devel-7.0.3-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: kernel-devel-7.0.3-1.1 on GA media
Description of the patch: These are all security issues fixed in the kernel-devel-7.0.3-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2026-10703
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.5 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.6 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.1 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-7.0.3-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-7.0.3-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10703",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10703-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31532 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31532/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31574 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31574/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31575 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31575/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31576 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31577 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31577/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31578 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31578/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31579 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31579/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31580 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31580/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31581 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31581/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31582 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31582/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31583 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31583/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31584 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31584/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31585 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31585/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31586 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31587 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31588 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31589 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31589/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31590 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31591 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31591/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31592 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31592/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31593 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31594 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31595 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31595/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31596 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31596/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31597 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31598 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31598/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31599 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31599/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31600 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31600/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31601 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31602 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31602/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31603 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31603/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31604 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31604/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31605 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31605/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31606 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31607 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31607/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31608 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31608/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31609 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31609/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31610 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31610/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31611 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31612 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31612/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31613 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31614 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31614/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31615 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31616 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31616/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31617 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31617/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31618 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31619 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31619/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31620 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31621 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31621/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31622 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31622/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31623 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31624 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31624/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31625 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31626 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31626/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31627 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31627/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31628 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31629 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31686 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31786 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31786/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31787 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31787/"
}
],
"title": "kernel-devel-7.0.3-1.1 on GA media",
"tracking": {
"current_release_date": "2026-05-06T00:00:00Z",
"generator": {
"date": "2026-05-06T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10703-1",
"initial_release_date": "2026-05-06T00:00:00Z",
"revision_history": [
{
"date": "2026-05-06T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-7.0.3-1.1.aarch64",
"product": {
"name": "kernel-devel-7.0.3-1.1.aarch64",
"product_id": "kernel-devel-7.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-7.0.3-1.1.aarch64",
"product": {
"name": "kernel-macros-7.0.3-1.1.aarch64",
"product_id": "kernel-macros-7.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-7.0.3-1.1.aarch64",
"product": {
"name": "kernel-source-7.0.3-1.1.aarch64",
"product_id": "kernel-source-7.0.3-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-7.0.3-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-7.0.3-1.1.aarch64",
"product_id": "kernel-source-vanilla-7.0.3-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-7.0.3-1.1.ppc64le",
"product": {
"name": "kernel-devel-7.0.3-1.1.ppc64le",
"product_id": "kernel-devel-7.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-7.0.3-1.1.ppc64le",
"product": {
"name": "kernel-macros-7.0.3-1.1.ppc64le",
"product_id": "kernel-macros-7.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-7.0.3-1.1.ppc64le",
"product": {
"name": "kernel-source-7.0.3-1.1.ppc64le",
"product_id": "kernel-source-7.0.3-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-7.0.3-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-7.0.3-1.1.ppc64le",
"product_id": "kernel-source-vanilla-7.0.3-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-7.0.3-1.1.s390x",
"product": {
"name": "kernel-devel-7.0.3-1.1.s390x",
"product_id": "kernel-devel-7.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-7.0.3-1.1.s390x",
"product": {
"name": "kernel-macros-7.0.3-1.1.s390x",
"product_id": "kernel-macros-7.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-7.0.3-1.1.s390x",
"product": {
"name": "kernel-source-7.0.3-1.1.s390x",
"product_id": "kernel-source-7.0.3-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-7.0.3-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-7.0.3-1.1.s390x",
"product_id": "kernel-source-vanilla-7.0.3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-7.0.3-1.1.x86_64",
"product": {
"name": "kernel-devel-7.0.3-1.1.x86_64",
"product_id": "kernel-devel-7.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-7.0.3-1.1.x86_64",
"product": {
"name": "kernel-macros-7.0.3-1.1.x86_64",
"product_id": "kernel-macros-7.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-7.0.3-1.1.x86_64",
"product": {
"name": "kernel-source-7.0.3-1.1.x86_64",
"product_id": "kernel-source-7.0.3-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-7.0.3-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-7.0.3-1.1.x86_64",
"product_id": "kernel-source-vanilla-7.0.3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-7.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64"
},
"product_reference": "kernel-devel-7.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-7.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le"
},
"product_reference": "kernel-devel-7.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-7.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x"
},
"product_reference": "kernel-devel-7.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-7.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64"
},
"product_reference": "kernel-devel-7.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-7.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64"
},
"product_reference": "kernel-macros-7.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-7.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le"
},
"product_reference": "kernel-macros-7.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-7.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x"
},
"product_reference": "kernel-macros-7.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-7.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64"
},
"product_reference": "kernel-macros-7.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-7.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64"
},
"product_reference": "kernel-source-7.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-7.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le"
},
"product_reference": "kernel-source-7.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-7.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x"
},
"product_reference": "kernel-source-7.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-7.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64"
},
"product_reference": "kernel-source-7.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-7.0.3-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-7.0.3-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-7.0.3-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-7.0.3-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-7.0.3-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-7.0.3-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-7.0.3-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-7.0.3-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31532",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31532"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncan: raw: fix ro-\u003euniq use-after-free in raw_rcv()\n\nraw_release() unregisters raw CAN receive filters via can_rx_unregister(),\nbut receiver deletion is deferred with call_rcu(). This leaves a window\nwhere raw_rcv() may still be running in an RCU read-side critical section\nafter raw_release() frees ro-\u003euniq, leading to a use-after-free of the\npercpu uniq storage.\n\nMove free_percpu(ro-\u003euniq) out of raw_release() and into a raw-specific\nsocket destructor. can_rx_unregister() takes an extra reference to the\nsocket and only drops it from the RCU callback, so freeing uniq from\nsk_destruct ensures the percpu area is not released until the relevant\ncallbacks have drained.\n\n[mkl: applied manually]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31532",
"url": "https://www.suse.com/security/cve/CVE-2026-31532"
},
{
"category": "external",
"summary": "SUSE Bug 1262757 for CVE-2026-31532",
"url": "https://bugzilla.suse.com/1262757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31532"
},
{
"cve": "CVE-2026-31574",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31574"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclockevents: Add missing resets of the next_event_forced flag\n\nThe prevention mechanism against timer interrupt starvation missed to reset\nthe next_event_forced flag in a couple of places:\n\n - When the clock event state changes. That can cause the flag to be\n stale over a shutdown/startup sequence\n\n - When a non-forced event is armed, which then prevents rearming before\n that event. If that event is far out in the future this will cause\n missed timer interrupts.\n\n - In the suspend wakeup handler.\n\nThat led to stalls which have been reported by several people.\n\nAdd the missing resets, which fixes the problems for the reporters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31574",
"url": "https://www.suse.com/security/cve/CVE-2026-31574"
},
{
"category": "external",
"summary": "SUSE Bug 1263071 for CVE-2026-31574",
"url": "https://bugzilla.suse.com/1263071"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31574"
},
{
"cve": "CVE-2026-31575",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31575"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/userfaultfd: fix hugetlb fault mutex hash calculation\n\nIn mfill_atomic_hugetlb(), linear_page_index() is used to calculate the\npage index for hugetlb_fault_mutex_hash(). However, linear_page_index()\nreturns the index in PAGE_SIZE units, while hugetlb_fault_mutex_hash()\nexpects the index in huge page units. This mismatch means that different\naddresses within the same huge page can produce different hash values,\nleading to the use of different mutexes for the same huge page. This can\ncause races between faulting threads, which can corrupt the reservation\nmap and trigger the BUG_ON in resv_map_release().\n\nFix this by introducing hugetlb_linear_page_index(), which returns the\npage index in huge page granularity, and using it in place of\nlinear_page_index().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31575",
"url": "https://www.suse.com/security/cve/CVE-2026-31575"
},
{
"category": "external",
"summary": "SUSE Bug 1263067 for CVE-2026-31575",
"url": "https://bugzilla.suse.com/1263067"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31575"
},
{
"cve": "CVE-2026-31576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31576"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\n\nIn hackrf driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nhackrf_probe()\n kzalloc(); // alloc hackrf_dev\n ....\n v4l2_device_register();\n ....\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open hackrf fd\n\t\t\t\t\t\t....\n v4l2_device_unregister();\n ....\n kfree(); // free hackrf_dev\n ....\n\t\t\t\t\t\tsys_ioctl(fd, ...);\n\t\t\t\t\t\t v4l2_ioctl();\n\t\t\t\t\t\t video_is_registered() // UAF!!\n\t\t\t\t\t\t....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t v4l2_release() // UAF!!\n\t\t\t\t\t\t hackrf_video_release()\n\t\t\t\t\t\t kfree(); // DFB!!\n```\n\nWhen a V4L2 or video device is unregistered, the device node is removed so\nnew open() calls are blocked.\n\nHowever, file descriptors that are already open-and any in-flight I/O-do\nnot terminate immediately; they remain valid until the last reference is\ndropped and the driver\u0027s release() is invoked.\n\nTherefore, freeing device memory on the error path after hackrf_probe()\nhas registered dev it will lead to a race to use-after-free vuln, since\nthose already-open handles haven\u0027t been released yet.\n\nAnd since release() free memory too, race to use-after-free and\ndouble-free vuln occur.\n\nTo prevent this, if device is registered from probe(), it should be\nmodified to free memory only through release() rather than calling\nkfree() directly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31576",
"url": "https://www.suse.com/security/cve/CVE-2026-31576"
},
{
"category": "external",
"summary": "SUSE Bug 1263073 for CVE-2026-31576",
"url": "https://bugzilla.suse.com/1263073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31576"
},
{
"cve": "CVE-2026-31577",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31577"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map\n\nThe DAT inode\u0027s btree node cache (i_assoc_inode) is initialized lazily\nduring btree operations. However, nilfs_mdt_save_to_shadow_map()\nassumes i_assoc_inode is already initialized when copying dirty pages\nto the shadow map during GC.\n\nIf NILFS_IOCTL_CLEAN_SEGMENTS is called immediately after mount before\nany btree operation has occurred on the DAT inode, i_assoc_inode is\nNULL leading to a general protection fault.\n\nFix this by calling nilfs_attach_btree_node_cache() on the DAT inode\nin nilfs_dat_read() at mount time, ensuring i_assoc_inode is always\ninitialized before any GC operation can use it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31577",
"url": "https://www.suse.com/security/cve/CVE-2026-31577"
},
{
"category": "external",
"summary": "SUSE Bug 1263028 for CVE-2026-31577",
"url": "https://bugzilla.suse.com/1263028"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31577"
},
{
"cve": "CVE-2026-31578",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31578"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: as102: fix to not free memory after the device is registered in as102_usb_probe()\n\nIn as102_usb driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nas102_usb_probe()\n kzalloc(); // alloc as102_dev_t\n ....\n usb_register_dev();\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open as102 fd\n\t\t\t\t\t\t....\n usb_deregister_dev();\n ....\n kfree(); // free as102_dev_t\n ....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t as102_release() // UAF!!\n\t\t\t\t\t\t as102_usb_release()\n\t\t\t\t\t\t kfree(); // DFB!!\n```\n\nWhen a USB character device registered with usb_register_dev() is later\nunregistered (via usb_deregister_dev() or disconnect), the device node is\nremoved so new open() calls fail. However, file descriptors that are\nalready open do not go away immediately: they remain valid until the last\nreference is dropped and the driver\u0027s .release() is invoked.\n\nIn as102, as102_usb_probe() calls usb_register_dev() and then, on an\nerror path, does usb_deregister_dev() and frees as102_dev_t right away.\nIf userspace raced a successful open() before the deregistration, that\nopen FD will later hit as102_release() --\u003e as102_usb_release() and access\nor free as102_dev_t again, occur a race to use-after-free and\ndouble-free vuln.\n\nThe fix is to never kfree(as102_dev_t) directly once usb_register_dev()\nhas succeeded. After deregistration, defer freeing memory to .release().\n\nIn other words, let release() perform the last kfree when the final open\nFD is closed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31578",
"url": "https://www.suse.com/security/cve/CVE-2026-31578"
},
{
"category": "external",
"summary": "SUSE Bug 1263075 for CVE-2026-31578",
"url": "https://bugzilla.suse.com/1263075"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31578"
},
{
"cve": "CVE-2026-31579",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31579"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit\n\nwg_netns_pre_exit() manually acquires rtnl_lock() inside the\npernet .pre_exit callback. This causes a hung task when another\nthread holds rtnl_mutex - the cleanup_net workqueue (or the\nsetup_net failure rollback path) blocks indefinitely in\nwg_netns_pre_exit() waiting to acquire the lock.\n\nConvert to .exit_rtnl, introduced in commit 7a60d91c690b (\"net:\nAdd -\u003eexit_rtnl() hook to struct pernet_operations.\"), where the\nframework already holds RTNL and batches all callbacks under a\nsingle rtnl_lock()/rtnl_unlock() pair, eliminating the contention\nwindow.\n\nThe rcu_assign_pointer(wg-\u003ecreating_net, NULL) is safe to move\nfrom .pre_exit to .exit_rtnl (which runs after synchronize_rcu())\nbecause all RCU readers of creating_net either use maybe_get_net()\n- which returns NULL for a dying namespace with zero refcount - or\naccess net-\u003euser_ns which remains valid throughout the entire\nops_undo_list sequence.\n\n[ Jason: added __net_exit and __read_mostly annotations that were missing. ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31579",
"url": "https://www.suse.com/security/cve/CVE-2026-31579"
},
{
"category": "external",
"summary": "SUSE Bug 1263074 for CVE-2026-31579",
"url": "https://bugzilla.suse.com/1263074"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31579"
},
{
"cve": "CVE-2026-31580",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31580"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbcache: fix cached_dev.sb_bio use-after-free and crash\n\nIn our production environment, we have received multiple crash reports\nregarding libceph, which have caught our attention:\n\n```\n[6888366.280350] Call Trace:\n[6888366.280452] blk_update_request+0x14e/0x370\n[6888366.280561] blk_mq_end_request+0x1a/0x130\n[6888366.280671] rbd_img_handle_request+0x1a0/0x1b0 [rbd]\n[6888366.280792] rbd_obj_handle_request+0x32/0x40 [rbd]\n[6888366.280903] __complete_request+0x22/0x70 [libceph]\n[6888366.281032] osd_dispatch+0x15e/0xb40 [libceph]\n[6888366.281164] ? inet_recvmsg+0x5b/0xd0\n[6888366.281272] ? ceph_tcp_recvmsg+0x6f/0xa0 [libceph]\n[6888366.281405] ceph_con_process_message+0x79/0x140 [libceph]\n[6888366.281534] ceph_con_v1_try_read+0x5d7/0xf30 [libceph]\n[6888366.281661] ceph_con_workfn+0x329/0x680 [libceph]\n```\n\nAfter analyzing the coredump file, we found that the address of\ndc-\u003esb_bio has been freed. We know that cached_dev is only freed when it\nis stopped.\n\nSince sb_bio is a part of struct cached_dev, rather than an alloc every\ntime. If the device is stopped while writing to the superblock, the\nreleased address will be accessed at endio.\n\nThis patch hopes to wait for sb_write to complete in cached_dev_free.\n\nIt should be noted that we analyzed the cause of the problem, then tell\nall details to the QWEN and adopted the modifications it made.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31580",
"url": "https://www.suse.com/security/cve/CVE-2026-31580"
},
{
"category": "external",
"summary": "SUSE Bug 1263169 for CVE-2026-31580",
"url": "https://bugzilla.suse.com/1263169"
},
{
"category": "external",
"summary": "SUSE Bug 1263171 for CVE-2026-31580",
"url": "https://bugzilla.suse.com/1263171"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31580"
},
{
"cve": "CVE-2026-31581",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31581"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: 6fire: fix use-after-free on disconnect\n\nIn usb6fire_chip_abort(), the chip struct is allocated as the card\u0027s\nprivate data (via snd_card_new with sizeof(struct sfire_chip)). When\nsnd_card_free_when_closed() is called and no file handles are open, the\ncard and embedded chip are freed synchronously. The subsequent\nchip-\u003ecard = NULL write then hits freed slab memory.\n\nCall trace:\n usb6fire_chip_abort sound/usb/6fire/chip.c:59 [inline]\n usb6fire_chip_disconnect+0x348/0x358 sound/usb/6fire/chip.c:182\n usb_unbind_interface+0x1a8/0x88c drivers/usb/core/driver.c:458\n ...\n hub_event+0x1a04/0x4518 drivers/usb/core/hub.c:5953\n\nFix by moving the card lifecycle out of usb6fire_chip_abort() and into\nusb6fire_chip_disconnect(). The card pointer is saved in a local\nbefore any teardown, snd_card_disconnect() is called first to prevent\nnew opens, URBs are aborted while chip is still valid, and\nsnd_card_free_when_closed() is called last so chip is never accessed\nafter the card may be freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31581",
"url": "https://www.suse.com/security/cve/CVE-2026-31581"
},
{
"category": "external",
"summary": "SUSE Bug 1263167 for CVE-2026-31581",
"url": "https://bugzilla.suse.com/1263167"
},
{
"category": "external",
"summary": "SUSE Bug 1263168 for CVE-2026-31581",
"url": "https://bugzilla.suse.com/1263168"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31581"
},
{
"cve": "CVE-2026-31582",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31582"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (powerz) Fix use-after-free on USB disconnect\n\nAfter powerz_disconnect() frees the URB and releases the mutex, a\nsubsequent powerz_read() call can acquire the mutex and call\npowerz_read_data(), which dereferences the freed URB pointer.\n\nFix by:\n - Setting priv-\u003eurb to NULL in powerz_disconnect() so that\n powerz_read_data() can detect the disconnected state.\n - Adding a !priv-\u003eurb check at the start of powerz_read_data()\n to return -ENODEV on a disconnected device.\n - Moving usb_set_intfdata() before hwmon registration so the\n disconnect handler can always find the priv pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31582",
"url": "https://www.suse.com/security/cve/CVE-2026-31582"
},
{
"category": "external",
"summary": "SUSE Bug 1263588 for CVE-2026-31582",
"url": "https://bugzilla.suse.com/1263588"
},
{
"category": "external",
"summary": "SUSE Bug 1263589 for CVE-2026-31582",
"url": "https://bugzilla.suse.com/1263589"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31582"
},
{
"cve": "CVE-2026-31583",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31583"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: em28xx: fix use-after-free in em28xx_v4l2_open()\n\nem28xx_v4l2_open() reads dev-\u003ev4l2 without holding dev-\u003elock,\ncreating a race with em28xx_v4l2_init()\u0027s error path and\nem28xx_v4l2_fini(), both of which free the em28xx_v4l2 struct\nand set dev-\u003ev4l2 to NULL under dev-\u003elock.\n\nThis race leads to two issues:\n - use-after-free in v4l2_fh_init() when accessing vdev-\u003ectrl_handler,\n since the video_device is embedded in the freed em28xx_v4l2 struct.\n - NULL pointer dereference in em28xx_resolution_set() when accessing\n v4l2-\u003enorm, since dev-\u003ev4l2 has been set to NULL.\n\nFix this by moving the mutex_lock() before the dev-\u003ev4l2 read and\nadding a NULL check for dev-\u003ev4l2 under the lock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31583",
"url": "https://www.suse.com/security/cve/CVE-2026-31583"
},
{
"category": "external",
"summary": "SUSE Bug 1263173 for CVE-2026-31583",
"url": "https://bugzilla.suse.com/1263173"
},
{
"category": "external",
"summary": "SUSE Bug 1263174 for CVE-2026-31583",
"url": "https://bugzilla.suse.com/1263174"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31583"
},
{
"cve": "CVE-2026-31584",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31584"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mediatek: vcodec: fix use-after-free in encoder release path\n\nThe fops_vcodec_release() function frees the context structure (ctx)\nwithout first cancelling any pending or running work in ctx-\u003eencode_work.\nThis creates a race window where the workqueue handler (mtk_venc_worker)\nmay still be accessing the context memory after it has been freed.\n\nRace condition:\n\n CPU 0 (release path) CPU 1 (workqueue)\n --------------------- ------------------\n fops_vcodec_release()\n v4l2_m2m_ctx_release()\n v4l2_m2m_cancel_job()\n // waits for m2m job \"done\"\n mtk_venc_worker()\n v4l2_m2m_job_finish()\n // m2m job \"done\"\n // BUT worker still running!\n // post-job_finish access:\n other ctx dereferences\n // UAF if ctx already freed\n // returns (job \"done\")\n kfree(ctx) // ctx freed\n\nRoot cause: The v4l2_m2m_ctx_release() only waits for the m2m job\nlifecycle (via TRANS_RUNNING flag), not the workqueue lifecycle.\nAfter v4l2_m2m_job_finish() is called, the m2m framework considers\nthe job complete and v4l2_m2m_ctx_release() returns, but the worker\nfunction continues executing and may still access ctx.\n\nThe work is queued during encode operations via:\n queue_work(ctx-\u003edev-\u003eencode_workqueue, \u0026ctx-\u003eencode_work)\nThe worker function accesses ctx-\u003em2m_ctx, ctx-\u003edev, and other ctx\nfields even after calling v4l2_m2m_job_finish().\n\nThis vulnerability was confirmed with KASAN by running an instrumented\ntest module that widens the post-job_finish race window. KASAN detected:\n\n BUG: KASAN: slab-use-after-free in mtk_venc_worker+0x159/0x180\n Read of size 4 at addr ffff88800326e000 by task kworker/u8:0/12\n\n Workqueue: mtk_vcodec_enc_wq mtk_venc_worker\n\n Allocated by task 47:\n __kasan_kmalloc+0x7f/0x90\n fops_vcodec_open+0x85/0x1a0\n\n Freed by task 47:\n __kasan_slab_free+0x43/0x70\n kfree+0xee/0x3a0\n fops_vcodec_release+0xb7/0x190\n\nFix this by calling cancel_work_sync(\u0026ctx-\u003eencode_work) before kfree(ctx).\nThis ensures the workqueue handler is both cancelled (if pending) and\nsynchronized (waits for any running handler to complete) before the\ncontext is freed.\n\nPlacement rationale: The fix is placed after v4l2_ctrl_handler_free()\nand before list_del_init(\u0026ctx-\u003elist). At this point, all m2m operations\nare done (v4l2_m2m_ctx_release() has returned), and we need to ensure\nthe workqueue is synchronized before removing ctx from the list and\nfreeing it.\n\nNote: The open error path does NOT need cancel_work_sync() because\nINIT_WORK() only initializes the work structure - it does not schedule\nit. Work is only scheduled later during device_run() operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31584",
"url": "https://www.suse.com/security/cve/CVE-2026-31584"
},
{
"category": "external",
"summary": "SUSE Bug 1263180 for CVE-2026-31584",
"url": "https://bugzilla.suse.com/1263180"
},
{
"category": "external",
"summary": "SUSE Bug 1263181 for CVE-2026-31584",
"url": "https://bugzilla.suse.com/1263181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31584"
},
{
"cve": "CVE-2026-31585",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31585"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: fix nfeeds state corruption on start_streaming failure\n\nsyzbot reported a memory leak in vidtv_psi_service_desc_init [1].\n\nWhen vidtv_start_streaming() fails inside vidtv_start_feed(), the\nnfeeds counter is left incremented even though no feed was actually\nstarted. This corrupts the driver state: subsequent start_feed calls\nsee nfeeds \u003e 1 and skip starting the mux, while stop_feed calls\neventually try to stop a non-existent stream.\n\nThis state corruption can also lead to memory leaks, since the mux\nand channel resources may be partially allocated during a failed\nstart_streaming but never cleaned up, as the stop path finds\ndvb-\u003estreaming == false and returns early.\n\nFix by decrementing nfeeds back when start_streaming fails, keeping\nthe counter in sync with the actual number of active feeds.\n\n[1]\nBUG: memory leak\nunreferenced object 0xffff888145b50820 (size 32):\n comm \"syz.0.17\", pid 6068, jiffies 4294944486\n backtrace (crc 90a0c7d4):\n vidtv_psi_service_desc_init+0x74/0x1b0 drivers/media/test-drivers/vidtv/vidtv_psi.c:288\n vidtv_channel_s302m_init+0xb1/0x2a0 drivers/media/test-drivers/vidtv/vidtv_channel.c:83\n vidtv_channels_init+0x1b/0x40 drivers/media/test-drivers/vidtv/vidtv_channel.c:524\n vidtv_mux_init+0x516/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:518\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline]\n vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31585",
"url": "https://www.suse.com/security/cve/CVE-2026-31585"
},
{
"category": "external",
"summary": "SUSE Bug 1263134 for CVE-2026-31585",
"url": "https://bugzilla.suse.com/1263134"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31585"
},
{
"cve": "CVE-2026-31586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31586"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: blk-cgroup: fix use-after-free in cgwb_release_workfn()\n\ncgwb_release_workfn() calls css_put(wb-\u003eblkcg_css) and then later accesses\nwb-\u003eblkcg_css again via blkcg_unpin_online(). If css_put() drops the last\nreference, the blkcg can be freed asynchronously (css_free_rwork_fn -\u003e\nblkcg_css_free -\u003e kfree) before blkcg_unpin_online() dereferences the\npointer to access blkcg-\u003eonline_pin, resulting in a use-after-free:\n\n BUG: KASAN: slab-use-after-free in blkcg_unpin_online (./include/linux/instrumented.h:112 ./include/linux/atomic/atomic-instrumented.h:400 ./include/linux/refcount.h:389 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 block/blk-cgroup.c:1367)\n Write of size 4 at addr ff11000117aa6160 by task kworker/71:1/531\n Workqueue: cgwb_release cgwb_release_workfn\n Call Trace:\n \u003cTASK\u003e\n blkcg_unpin_online (./include/linux/instrumented.h:112 ./include/linux/atomic/atomic-instrumented.h:400 ./include/linux/refcount.h:389 ./include/linux/refcount.h:432 ./include/linux/refcount.h:450 block/blk-cgroup.c:1367)\n cgwb_release_workfn (mm/backing-dev.c:629)\n process_scheduled_works (kernel/workqueue.c:3278 kernel/workqueue.c:3385)\n\n Freed by task 1016:\n kfree (./include/linux/kasan.h:235 mm/slub.c:2689 mm/slub.c:6246 mm/slub.c:6561)\n css_free_rwork_fn (kernel/cgroup/cgroup.c:5542)\n process_scheduled_works (kernel/workqueue.c:3302 kernel/workqueue.c:3385)\n\n** Stack based on commit 66672af7a095 (\"Add linux-next specific files\nfor 20260410\")\n\nI am seeing this crash sporadically in Meta fleet across multiple kernel\nversions. A full reproducer is available at:\nhttps://github.com/leitao/debug/blob/main/reproducers/repro_blkcg_uaf.sh\n\n(The race window is narrow. To make it easily reproducible, inject a\nmsleep(100) between css_put() and blkcg_unpin_online() in\ncgwb_release_workfn(). With that delay and a KASAN-enabled kernel, the\nreproducer triggers the splat reliably in less than a second.)\n\nFix this by moving blkcg_unpin_online() before css_put(), so the\ncgwb\u0027s CSS reference keeps the blkcg alive while blkcg_unpin_online()\naccesses it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31586",
"url": "https://www.suse.com/security/cve/CVE-2026-31586"
},
{
"category": "external",
"summary": "SUSE Bug 1263176 for CVE-2026-31586",
"url": "https://bugzilla.suse.com/1263176"
},
{
"category": "external",
"summary": "SUSE Bug 1263177 for CVE-2026-31586",
"url": "https://bugzilla.suse.com/1263177"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31586"
},
{
"cve": "CVE-2026-31587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31587"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: q6apm: move component registration to unmanaged version\n\nq6apm component registers dais dynamically from ASoC toplology, which\nare allocated using device managed version apis. Allocating both\ncomponent and dynamic dais using managed version could lead to incorrect\nfree ordering, dai will be freed while component still holding references\nto it.\n\nFix this issue by moving component to unmanged version so\nthat the dai pointers are only freeded after the component is removed.\n\n==================================================================\nBUG: KASAN: slab-use-after-free in snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core]\nRead of size 8 at addr ffff00084493a6e8 by task kworker/u48:0/3426\nTainted: [W]=WARN\nHardware name: LENOVO 21N2ZC5PUS/21N2ZC5PUS, BIOS N42ET57W (1.31 ) 08/08/2024\nWorkqueue: pdr_notifier_wq pdr_notifier_work [pdr_interface]\nCall trace:\n show_stack+0x28/0x7c (C)\n dump_stack_lvl+0x60/0x80\n print_report+0x160/0x4b4\n kasan_report+0xac/0xfc\n __asan_report_load8_noabort+0x20/0x34\n snd_soc_del_component_unlocked+0x3d4/0x400 [snd_soc_core]\n snd_soc_unregister_component_by_driver+0x50/0x88 [snd_soc_core]\n devm_component_release+0x30/0x5c [snd_soc_core]\n devres_release_all+0x13c/0x210\n device_unbind_cleanup+0x20/0x190\n device_release_driver_internal+0x350/0x468\n device_release_driver+0x18/0x30\n bus_remove_device+0x1a0/0x35c\n device_del+0x314/0x7f0\n device_unregister+0x20/0xbc\n apr_remove_device+0x5c/0x7c [apr]\n device_for_each_child+0xd8/0x160\n apr_pd_status+0x7c/0xa8 [apr]\n pdr_notifier_work+0x114/0x240 [pdr_interface]\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20\n\nAllocated by task 77:\n kasan_save_stack+0x40/0x68\n kasan_save_track+0x20/0x40\n kasan_save_alloc_info+0x44/0x58\n __kasan_kmalloc+0xbc/0xdc\n __kmalloc_node_track_caller_noprof+0x1f4/0x620\n devm_kmalloc+0x7c/0x1c8\n snd_soc_register_dai+0x50/0x4f0 [snd_soc_core]\n soc_tplg_pcm_elems_load+0x55c/0x1eb8 [snd_soc_core]\n snd_soc_tplg_component_load+0x4f8/0xb60 [snd_soc_core]\n audioreach_tplg_init+0x124/0x1fc [snd_q6apm]\n q6apm_audio_probe+0x10/0x1c [snd_q6apm]\n snd_soc_component_probe+0x5c/0x118 [snd_soc_core]\n soc_probe_component+0x44c/0xaf0 [snd_soc_core]\n snd_soc_bind_card+0xad0/0x2370 [snd_soc_core]\n snd_soc_register_card+0x3b0/0x4c0 [snd_soc_core]\n devm_snd_soc_register_card+0x50/0xc8 [snd_soc_core]\n x1e80100_platform_probe+0x208/0x368 [snd_soc_x1e80100]\n platform_probe+0xc0/0x188\n really_probe+0x188/0x804\n __driver_probe_device+0x158/0x358\n driver_probe_device+0x60/0x190\n __device_attach_driver+0x16c/0x2a8\n bus_for_each_drv+0x100/0x194\n __device_attach+0x174/0x380\n device_initial_probe+0x14/0x20\n bus_probe_device+0x124/0x154\n deferred_probe_work_func+0x140/0x220\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20\n\nFreed by task 3426:\n kasan_save_stack+0x40/0x68\n kasan_save_track+0x20/0x40\n __kasan_save_free_info+0x4c/0x80\n __kasan_slab_free+0x78/0xa0\n kfree+0x100/0x4a4\n devres_release_all+0x144/0x210\n device_unbind_cleanup+0x20/0x190\n device_release_driver_internal+0x350/0x468\n device_release_driver+0x18/0x30\n bus_remove_device+0x1a0/0x35c\n device_del+0x314/0x7f0\n device_unregister+0x20/0xbc\n apr_remove_device+0x5c/0x7c [apr]\n device_for_each_child+0xd8/0x160\n apr_pd_status+0x7c/0xa8 [apr]\n pdr_notifier_work+0x114/0x240 [pdr_interface]\n process_one_work+0x500/0xb70\n worker_thread+0x630/0xfb0\n kthread+0x370/0x6c0\n ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31587",
"url": "https://www.suse.com/security/cve/CVE-2026-31587"
},
{
"category": "external",
"summary": "SUSE Bug 1263145 for CVE-2026-31587",
"url": "https://bugzilla.suse.com/1263145"
},
{
"category": "external",
"summary": "SUSE Bug 1263146 for CVE-2026-31587",
"url": "https://bugzilla.suse.com/1263146"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31587"
},
{
"cve": "CVE-2026-31588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31588"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: x86: Use scratch field in MMIO fragment to hold small write values\n\nWhen exiting to userspace to service an emulated MMIO write, copy the\nto-be-written value to a scratch field in the MMIO fragment if the size\nof the data payload is 8 bytes or less, i.e. can fit in a single chunk,\ninstead of pointing the fragment directly at the source value.\n\nThis fixes a class of use-after-free bugs that occur when the emulator\ninitiates a write using an on-stack, local variable as the source, the\nwrite splits a page boundary, *and* both pages are MMIO pages. Because\nKVM\u0027s ABI only allows for physically contiguous MMIO requests, accesses\nthat split MMIO pages are separated into two fragments, and are sent to\nuserspace one at a time. When KVM attempts to complete userspace MMIO in\nresponse to KVM_RUN after the first fragment, KVM will detect the second\nfragment and generate a second userspace exit, and reference the on-stack\nvariable.\n\nThe issue is most visible if the second KVM_RUN is performed by a separate\ntask, in which case the stack of the initiating task can show up as truly\nfreed data.\n\n ==================================================================\n BUG: KASAN: use-after-free in complete_emulated_mmio+0x305/0x420\n Read of size 1 at addr ffff888009c378d1 by task syz-executor417/984\n\n CPU: 1 PID: 984 Comm: syz-executor417 Not tainted 5.10.0-182.0.0.95.h2627.eulerosv2r13.x86_64 #3\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.15.0-0-g2dd4b9b3f840-prebuilt.qemu.org 04/01/2014 Call Trace:\n dump_stack+0xbe/0xfd\n print_address_description.constprop.0+0x19/0x170\n __kasan_report.cold+0x6c/0x84\n kasan_report+0x3a/0x50\n check_memory_region+0xfd/0x1f0\n memcpy+0x20/0x60\n complete_emulated_mmio+0x305/0x420\n kvm_arch_vcpu_ioctl_run+0x63f/0x6d0\n kvm_vcpu_ioctl+0x413/0xb20\n __se_sys_ioctl+0x111/0x160\n do_syscall_64+0x30/0x40\n entry_SYSCALL_64_after_hwframe+0x67/0xd1\n RIP: 0033:0x42477d\n Code: \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007faa8e6890e8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00000000004d7338 RCX: 000000000042477d\n RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005\n RBP: 00000000004d7330 R08: 00007fff28d546df R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 00000000004d733c\n R13: 0000000000000000 R14: 000000000040a200 R15: 00007fff28d54720\n\n The buggy address belongs to the page:\n page:0000000029f6a428 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x9c37\n flags: 0xfffffc0000000(node=0|zone=1|lastcpupid=0x1fffff)\n raw: 000fffffc0000000 0000000000000000 ffffea0000270dc8 0000000000000000\n raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: kasan: bad access detected\n\n Memory state around the buggy address:\n ffff888009c37780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff888009c37800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n \u003effff888009c37880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ^\n ffff888009c37900: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ffff888009c37980: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff\n ==================================================================\n\nThe bug can also be reproduced with a targeted KVM-Unit-Test by hacking\nKVM to fill a large on-stack variable in complete_emulated_mmio(), i.e. by\noverwrite the data value with garbage.\n\nLimit the use of the scratch fields to 8-byte or smaller accesses, and to\njust writes, as larger accesses and reads are not affected thanks to\nimplementation details in the emulator, but add a sanity check to ensure\nthose details don\u0027t change in the future. Specifically, KVM never uses\non-stack variables for accesses larger that 8 bytes, e.g. uses an operand\nin the emulator context, and *al\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31588",
"url": "https://www.suse.com/security/cve/CVE-2026-31588"
},
{
"category": "external",
"summary": "SUSE Bug 1263165 for CVE-2026-31588",
"url": "https://bugzilla.suse.com/1263165"
},
{
"category": "external",
"summary": "SUSE Bug 1263166 for CVE-2026-31588",
"url": "https://bugzilla.suse.com/1263166"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31588"
},
{
"cve": "CVE-2026-31589",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31589"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: call -\u003efree_folio() directly in folio_unmap_invalidate()\n\nWe can only call filemap_free_folio() if we have a reference to (or hold a\nlock on) the mapping. Otherwise, we\u0027ve already removed the folio from the\nmapping so it no longer pins the mapping and the mapping can be removed,\ncausing a use-after-free when accessing mapping-\u003ea_ops.\n\nFollow the same pattern as __remove_mapping() and load the free_folio\nfunction pointer before dropping the lock on the mapping. That lets us\nmake filemap_free_folio() static as this was the only caller outside\nfilemap.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31589",
"url": "https://www.suse.com/security/cve/CVE-2026-31589"
},
{
"category": "external",
"summary": "SUSE Bug 1263125 for CVE-2026-31589",
"url": "https://bugzilla.suse.com/1263125"
},
{
"category": "external",
"summary": "SUSE Bug 1263127 for CVE-2026-31589",
"url": "https://bugzilla.suse.com/1263127"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31589"
},
{
"cve": "CVE-2026-31590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31590"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION\n\nDrop the WARN in sev_pin_memory() on npages overflowing an int, as the\nWARN is comically trivially to trigger from userspace, e.g. by doing:\n\n struct kvm_enc_region range = {\n .addr = 0,\n .size = -1ul,\n };\n\n __vm_ioctl(vm, KVM_MEMORY_ENCRYPT_REG_REGION, \u0026range);\n\nNote, the checks in sev_mem_enc_register_region() that presumably exist to\nverify the incoming address+size are completely worthless, as both \"addr\"\nand \"size\" are u64s and SEV is 64-bit only, i.e. they _can\u0027t_ be greater\nthan ULONG_MAX. That wart will be cleaned up in the near future.\n\n\tif (range-\u003eaddr \u003e ULONG_MAX || range-\u003esize \u003e ULONG_MAX)\n\t\treturn -EINVAL;\n\nOpportunistically add a comment to explain why the code calculates the\nnumber of pages the \"hard\" way, e.g. instead of just shifting @ulen.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31590",
"url": "https://www.suse.com/security/cve/CVE-2026-31590"
},
{
"category": "external",
"summary": "SUSE Bug 1263152 for CVE-2026-31590",
"url": "https://bugzilla.suse.com/1263152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31590"
},
{
"cve": "CVE-2026-31591",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31591"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish\n\nLock all vCPUs when synchronizing and encrypting VMSAs for SNP guests, as\nallowing userspace to manipulate and/or run a vCPU while its state is being\nsynchronized would at best corrupt vCPU state, and at worst crash the host\nkernel.\n\nOpportunistically assert that vcpu-\u003emutex is held when synchronizing its\nVMSA (the SEV-ES path already locks vCPUs).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31591",
"url": "https://www.suse.com/security/cve/CVE-2026-31591"
},
{
"category": "external",
"summary": "SUSE Bug 1263122 for CVE-2026-31591",
"url": "https://bugzilla.suse.com/1263122"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31591"
},
{
"cve": "CVE-2026-31592",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31592"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm-\u003elock\n\nTake and hold kvm-\u003elock for before checking sev_guest() in\nsev_mem_enc_register_region(), as sev_guest() isn\u0027t stable unless kvm-\u003elock\nis held (or KVM can guarantee KVM_SEV_INIT{2} has completed and can\u0027t\nrollack state). If KVM_SEV_INIT{2} fails, KVM can end up trying to add to\na not-yet-initialized sev-\u003eregions_list, e.g. triggering a #GP\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\n CPU: 110 UID: 0 PID: 72717 Comm: syz.15.11462 Tainted: G U W O 6.16.0-smp-DEV #1 NONE\n Tainted: [U]=USER, [W]=WARN, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.52.0-0 10/28/2024\n RIP: 0010:sev_mem_enc_register_region+0x3f0/0x4f0 ../include/linux/list.h:83\n Code: \u003c41\u003e 80 3c 04 00 74 08 4c 89 ff e8 f1 c7 a2 00 49 39 ed 0f 84 c6 00\n RSP: 0018:ffff88838647fbb8 EFLAGS: 00010256\n RAX: dffffc0000000000 RBX: 1ffff92015cf1e0b RCX: dffffc0000000000\n RDX: 0000000000000000 RSI: 0000000000001000 RDI: ffff888367870000\n RBP: ffffc900ae78f050 R08: ffffea000d9e0007 R09: 1ffffd4001b3c000\n R10: dffffc0000000000 R11: fffff94001b3c001 R12: 0000000000000000\n R13: ffff8982ab0bde00 R14: ffffc900ae78f058 R15: 0000000000000000\n FS: 00007f34e9dc66c0(0000) GS:ffff89ee64d33000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fe180adef98 CR3: 000000047210e000 CR4: 0000000000350ef0\n Call Trace:\n \u003cTASK\u003e\n kvm_arch_vm_ioctl+0xa72/0x1240 ../arch/x86/kvm/x86.c:7371\n kvm_vm_ioctl+0x649/0x990 ../virt/kvm/kvm_main.c:5363\n __se_sys_ioctl+0x101/0x170 ../fs/ioctl.c:51\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x6f/0x1f0 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7f34e9f7e9a9\n Code: \u003c48\u003e 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48\n RSP: 002b:00007f34e9dc6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010\n RAX: ffffffffffffffda RBX: 00007f34ea1a6080 RCX: 00007f34e9f7e9a9\n RDX: 0000200000000280 RSI: 000000008010aebb RDI: 0000000000000007\n RBP: 00007f34ea000d69 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\n R13: 0000000000000000 R14: 00007f34ea1a6080 R15: 00007ffce77197a8\n \u003c/TASK\u003e\n\nwith a syzlang reproducer that looks like:\n\n syz_kvm_add_vcpu$x86(0x0, \u0026(0x7f0000000040)={0x0, \u0026(0x7f0000000180)=ANY=[], 0x70}) (async)\n syz_kvm_add_vcpu$x86(0x0, \u0026(0x7f0000000080)={0x0, \u0026(0x7f0000000180)=ANY=[@ANYBLOB=\"...\"], 0x4f}) (async)\n r0 = openat$kvm(0xffffffffffffff9c, \u0026(0x7f0000000200), 0x0, 0x0)\n r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)\n r2 = openat$kvm(0xffffffffffffff9c, \u0026(0x7f0000000240), 0x0, 0x0)\n r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)\n ioctl$KVM_SET_CLOCK(r3, 0xc008aeba, \u0026(0x7f0000000040)={0x1, 0x8, 0x0, 0x5625e9b0}) (async)\n ioctl$KVM_SET_PIT2(r3, 0x8010aebb, \u0026(0x7f0000000280)={[...], 0x5}) (async)\n ioctl$KVM_SET_PIT2(r1, 0x4070aea0, 0x0) (async)\n r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)\n openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)\n ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, \u0026(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, \u0026(0x7f0000001000/0x2000)=nil}) (async)\n r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)\n close(r0) (async)\n openat$kvm(0xffffffffffffff9c, \u0026(0x7f0000000000), 0x8000, 0x0) (async)\n ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, \u0026(0x7f0000000300)={0x4376ea830d46549b, 0x0, [0x46, 0x0, 0x0, 0x0, 0x0, 0x1000]}) (async)\n ioctl$KVM_RUN(r5, 0xae80, 0x0)\n\nOpportunistically use guard() to avoid having to define a new error label\nand goto usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31592",
"url": "https://www.suse.com/security/cve/CVE-2026-31592"
},
{
"category": "external",
"summary": "SUSE Bug 1263123 for CVE-2026-31592",
"url": "https://bugzilla.suse.com/1263123"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31592"
},
{
"cve": "CVE-2026-31593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31593"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU\n\nReject synchronizing vCPU state to its associated VMSA if the vCPU has\nalready been launched, i.e. if the VMSA has already been encrypted. On a\nhost with SNP enabled, accessing guest-private memory generates an RMP #PF\nand panics the host.\n\n BUG: unable to handle page fault for address: ff1276cbfdf36000\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x80000003) - RMP violation\n PGD 5a31801067 P4D 5a31802067 PUD 40ccfb5063 PMD 40e5954063 PTE 80000040fdf36163\n SEV-SNP: PFN 0x40fdf36, RMP entry: [0x6010fffffffff001 - 0x000000000000001f]\n Oops: Oops: 0003 [#1] SMP NOPTI\n CPU: 33 UID: 0 PID: 996180 Comm: qemu-system-x86 Tainted: G OE\n Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE\n Hardware name: Dell Inc. PowerEdge R7625/0H1TJT, BIOS 1.5.8 07/21/2023\n RIP: 0010:sev_es_sync_vmsa+0x54/0x4c0 [kvm_amd]\n Call Trace:\n \u003cTASK\u003e\n snp_launch_update_vmsa+0x19d/0x290 [kvm_amd]\n snp_launch_finish+0xb6/0x380 [kvm_amd]\n sev_mem_enc_ioctl+0x14e/0x720 [kvm_amd]\n kvm_arch_vm_ioctl+0x837/0xcf0 [kvm]\n kvm_vm_ioctl+0x3fd/0xcc0 [kvm]\n __x64_sys_ioctl+0xa3/0x100\n x64_sys_call+0xfe0/0x2350\n do_syscall_64+0x81/0x10f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7ffff673287d\n \u003c/TASK\u003e\n\nNote, the KVM flaw has been present since commit ad73109ae7ec (\"KVM: SVM:\nProvide support to launch and run an SEV-ES guest\"), but has only been\nactively dangerous for the host since SNP support was added. With SEV-ES,\nKVM would \"just\" clobber guest state, which is totally fine from a host\nkernel perspective since userspace can clobber guest state any time before\nsev_launch_update_vmsa().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31593",
"url": "https://www.suse.com/security/cve/CVE-2026-31593"
},
{
"category": "external",
"summary": "SUSE Bug 1263124 for CVE-2026-31593",
"url": "https://bugzilla.suse.com/1263124"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31593"
},
{
"cve": "CVE-2026-31594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31594"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown\n\nepf_ntb_epc_destroy() duplicates the teardown that the caller is\nsupposed to perform later. This leads to an oops when .allow_link fails\nor when .drop_link is performed. The following is an example oops of the\nformer case:\n\n Unable to handle kernel paging request at virtual address dead000000000108\n [...]\n [dead000000000108] address between user and kernel address ranges\n Internal error: Oops: 0000000096000044 [#1] SMP\n [...]\n Call trace:\n pci_epc_remove_epf+0x78/0xe0 (P)\n pci_primary_epc_epf_link+0x88/0xa8\n configfs_symlink+0x1f4/0x5a0\n vfs_symlink+0x134/0x1d8\n do_symlinkat+0x88/0x138\n __arm64_sys_symlinkat+0x74/0xe0\n [...]\n\nRemove the helper, and drop pci_epc_put(). EPC device refcounting is\ntied to the configfs EPC group lifetime, and pci_epc_put() in the\n.drop_link path is sufficient.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31594",
"url": "https://www.suse.com/security/cve/CVE-2026-31594"
},
{
"category": "external",
"summary": "SUSE Bug 1263129 for CVE-2026-31594",
"url": "https://bugzilla.suse.com/1263129"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31594"
},
{
"cve": "CVE-2026-31595",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31595"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup\n\nDisable the delayed work before clearing BAR mappings and doorbells to\navoid running the handler after resources have been torn down.\n\n Unable to handle kernel paging request at virtual address ffff800083f46004\n [...]\n Internal error: Oops: 0000000096000007 [#1] SMP\n [...]\n Call trace:\n epf_ntb_cmd_handler+0x54/0x200 [pci_epf_vntb] (P)\n process_one_work+0x154/0x3b0\n worker_thread+0x2c8/0x400\n kthread+0x148/0x210\n ret_from_fork+0x10/0x20",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31595",
"url": "https://www.suse.com/security/cve/CVE-2026-31595"
},
{
"category": "external",
"summary": "SUSE Bug 1263130 for CVE-2026-31595",
"url": "https://bugzilla.suse.com/1263130"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31595"
},
{
"cve": "CVE-2026-31596",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31596"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: handle invalid dinode in ocfs2_group_extend\n\n[BUG]\nkernel BUG at fs/ocfs2/resize.c:308!\nOops: invalid opcode: 0000 [#1] SMP KASAN NOPTI\nRIP: 0010:ocfs2_group_extend+0x10aa/0x1ae0 fs/ocfs2/resize.c:308\nCode: 8b8520ff ffff83f8 860f8580 030000e8 5cc3c1fe\nCall Trace:\n ...\n ocfs2_ioctl+0x175/0x6e0 fs/ocfs2/ioctl.c:869\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x197/0x1e0 fs/ioctl.c:583\n x64_sys_call+0x1144/0x26a0 arch/x86/include/generated/asm/syscalls_64.h:17\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0x93/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ...\n\n[CAUSE]\nocfs2_group_extend() assumes that the global bitmap inode block\nreturned from ocfs2_inode_lock() has already been validated and\nBUG_ONs when the signature is not a dinode. That assumption is too\nstrong for crafted filesystems because the JBD2-managed buffer path\ncan bypass structural validation and return an invalid dinode to the\nresize ioctl.\n\n[FIX]\nValidate the dinode explicitly in ocfs2_group_extend(). If the global\nbitmap buffer does not contain a valid dinode, report filesystem\ncorruption with ocfs2_error() and fail the resize operation instead of\ncrashing the kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31596",
"url": "https://www.suse.com/security/cve/CVE-2026-31596"
},
{
"category": "external",
"summary": "SUSE Bug 1263319 for CVE-2026-31596",
"url": "https://bugzilla.suse.com/1263319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31596"
},
{
"cve": "CVE-2026-31597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31597"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY\n\nfilemap_fault() may drop the mmap_lock before returning VM_FAULT_RETRY,\nas documented in mm/filemap.c:\n\n \"If our return value has VM_FAULT_RETRY set, it\u0027s because the mmap_lock\n may be dropped before doing I/O or by lock_folio_maybe_drop_mmap().\"\n\nWhen this happens, a concurrent munmap() can call remove_vma() and free\nthe vm_area_struct via RCU. The saved \u0027vma\u0027 pointer in ocfs2_fault() then\nbecomes a dangling pointer, and the subsequent trace_ocfs2_fault() call\ndereferences it -- a use-after-free.\n\nFix this by saving ip_blkno as a plain integer before calling\nfilemap_fault(), and removing vma from the trace event. Since\nip_blkno is copied by value before the lock can be dropped, it\nremains valid regardless of what happens to the vma or inode\nafterward.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31597",
"url": "https://www.suse.com/security/cve/CVE-2026-31597"
},
{
"category": "external",
"summary": "SUSE Bug 1263717 for CVE-2026-31597",
"url": "https://bugzilla.suse.com/1263717"
},
{
"category": "external",
"summary": "SUSE Bug 1263719 for CVE-2026-31597",
"url": "https://bugzilla.suse.com/1263719"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31597"
},
{
"cve": "CVE-2026-31598",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31598"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: fix possible deadlock between unlink and dio_end_io_write\n\nocfs2_unlink takes orphan dir inode_lock first and then ip_alloc_sem,\nwhile in ocfs2_dio_end_io_write, it acquires these locks in reverse order.\nThis creates an ABBA lock ordering violation on lock classes\nocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] and\nocfs2_file_ip_alloc_sem_key.\n\nLock Chain #0 (orphan dir inode_lock -\u003e ip_alloc_sem):\nocfs2_unlink\n ocfs2_prepare_orphan_dir\n ocfs2_lookup_lock_orphan_dir\n inode_lock(orphan_dir_inode) \u003c- lock A\n __ocfs2_prepare_orphan_dir\n ocfs2_prepare_dir_for_insert\n ocfs2_extend_dir\n\t ocfs2_expand_inline_dir\n\t down_write(\u0026oi-\u003eip_alloc_sem) \u003c- Lock B\n\nLock Chain #1 (ip_alloc_sem -\u003e orphan dir inode_lock):\nocfs2_dio_end_io_write\n down_write(\u0026oi-\u003eip_alloc_sem) \u003c- Lock B\n ocfs2_del_inode_from_orphan()\n inode_lock(orphan_dir_inode) \u003c- Lock A\n\nDeadlock Scenario:\n CPU0 (unlink) CPU1 (dio_end_io_write)\n ------ ------\n inode_lock(orphan_dir_inode)\n down_write(ip_alloc_sem)\n down_write(ip_alloc_sem)\n inode_lock(orphan_dir_inode)\n\nSince ip_alloc_sem is to protect allocation changes, which is unrelated\nwith operations in ocfs2_del_inode_from_orphan. So move\nocfs2_del_inode_from_orphan out of ip_alloc_sem to fix the deadlock.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31598",
"url": "https://www.suse.com/security/cve/CVE-2026-31598"
},
{
"category": "external",
"summary": "SUSE Bug 1263718 for CVE-2026-31598",
"url": "https://bugzilla.suse.com/1263718"
},
{
"category": "external",
"summary": "SUSE Bug 1263720 for CVE-2026-31598",
"url": "https://bugzilla.suse.com/1263720"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31598"
},
{
"cve": "CVE-2026-31599",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31599"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections\n\nsyzbot reported a general protection fault in vidtv_psi_desc_assign [1].\n\nvidtv_psi_pmt_stream_init() can return NULL on memory allocation\nfailure, but vidtv_channel_pmt_match_sections() does not check for\nthis. When tail is NULL, the subsequent call to\nvidtv_psi_desc_assign(\u0026tail-\u003edescriptor, desc) dereferences a NULL\npointer offset, causing a general protection fault.\n\nAdd a NULL check after vidtv_psi_pmt_stream_init(). On failure, clean\nup the already-allocated stream chain and return.\n\n[1]\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]\nRIP: 0010:vidtv_psi_desc_assign+0x24/0x90 drivers/media/test-drivers/vidtv/vidtv_psi.c:629\nCall Trace:\n \u003cTASK\u003e\n vidtv_channel_pmt_match_sections drivers/media/test-drivers/vidtv/vidtv_channel.c:349 [inline]\n vidtv_channel_si_init+0x1445/0x1a50 drivers/media/test-drivers/vidtv/vidtv_channel.c:479\n vidtv_mux_init+0x526/0xbe0 drivers/media/test-drivers/vidtv/vidtv_mux.c:519\n vidtv_start_streaming drivers/media/test-drivers/vidtv/vidtv_bridge.c:194 [inline]\n vidtv_start_feed+0x33e/0x4d0 drivers/media/test-drivers/vidtv/vidtv_bridge.c:239",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31599",
"url": "https://www.suse.com/security/cve/CVE-2026-31599"
},
{
"category": "external",
"summary": "SUSE Bug 1263031 for CVE-2026-31599",
"url": "https://bugzilla.suse.com/1263031"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31599"
},
{
"cve": "CVE-2026-31600",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31600"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: mm: Handle invalid large leaf mappings correctly\n\nIt has been possible for a long time to mark ptes in the linear map as\ninvalid. This is done for secretmem, kfence, realm dma memory un/share,\nand others, by simply clearing the PTE_VALID bit. But until commit\na166563e7ec37 (\"arm64: mm: support large block mapping when\nrodata=full\") large leaf mappings were never made invalid in this way.\n\nIt turns out various parts of the code base are not equipped to handle\ninvalid large leaf mappings (in the way they are currently encoded) and\nI\u0027ve observed a kernel panic while booting a realm guest on a\nBBML2_NOABORT system as a result:\n\n[ 15.432706] software IO TLB: Memory encryption is active and system is using DMA bounce buffers\n[ 15.476896] Unable to handle kernel paging request at virtual address ffff000019600000\n[ 15.513762] Mem abort info:\n[ 15.527245] ESR = 0x0000000096000046\n[ 15.548553] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 15.572146] SET = 0, FnV = 0\n[ 15.592141] EA = 0, S1PTW = 0\n[ 15.612694] FSC = 0x06: level 2 translation fault\n[ 15.640644] Data abort info:\n[ 15.661983] ISV = 0, ISS = 0x00000046, ISS2 = 0x00000000\n[ 15.694875] CM = 0, WnR = 1, TnD = 0, TagAccess = 0\n[ 15.723740] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 15.755776] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000081f3f000\n[ 15.800410] [ffff000019600000] pgd=0000000000000000, p4d=180000009ffff403, pud=180000009fffe403, pmd=00e8000199600704\n[ 15.855046] Internal error: Oops: 0000000096000046 [#1] SMP\n[ 15.886394] Modules linked in:\n[ 15.900029] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 7.0.0-rc4-dirty #4 PREEMPT\n[ 15.935258] Hardware name: linux,dummy-virt (DT)\n[ 15.955612] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)\n[ 15.986009] pc : __pi_memcpy_generic+0x128/0x22c\n[ 16.006163] lr : swiotlb_bounce+0xf4/0x158\n[ 16.024145] sp : ffff80008000b8f0\n[ 16.038896] x29: ffff80008000b8f0 x28: 0000000000000000 x27: 0000000000000000\n[ 16.069953] x26: ffffb3976d261ba8 x25: 0000000000000000 x24: ffff000019600000\n[ 16.100876] x23: 0000000000000001 x22: ffff0000043430d0 x21: 0000000000007ff0\n[ 16.131946] x20: 0000000084570010 x19: 0000000000000000 x18: ffff00001ffe3fcc\n[ 16.163073] x17: 0000000000000000 x16: 00000000003fffff x15: 646e612065766974\n[ 16.194131] x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n[ 16.225059] x11: 0000000000000000 x10: 0000000000000010 x9 : 0000000000000018\n[ 16.256113] x8 : 0000000000000018 x7 : 0000000000000000 x6 : 0000000000000000\n[ 16.287203] x5 : ffff000019607ff0 x4 : ffff000004578000 x3 : ffff000019600000\n[ 16.318145] x2 : 0000000000007ff0 x1 : ffff000004570010 x0 : ffff000019600000\n[ 16.349071] Call trace:\n[ 16.360143] __pi_memcpy_generic+0x128/0x22c (P)\n[ 16.380310] swiotlb_tbl_map_single+0x154/0x2b4\n[ 16.400282] swiotlb_map+0x5c/0x228\n[ 16.415984] dma_map_phys+0x244/0x2b8\n[ 16.432199] dma_map_page_attrs+0x44/0x58\n[ 16.449782] virtqueue_map_page_attrs+0x38/0x44\n[ 16.469596] virtqueue_map_single_attrs+0xc0/0x130\n[ 16.490509] virtnet_rq_alloc.isra.0+0xa4/0x1fc\n[ 16.510355] try_fill_recv+0x2a4/0x584\n[ 16.526989] virtnet_open+0xd4/0x238\n[ 16.542775] __dev_open+0x110/0x24c\n[ 16.558280] __dev_change_flags+0x194/0x20c\n[ 16.576879] netif_change_flags+0x24/0x6c\n[ 16.594489] dev_change_flags+0x48/0x7c\n[ 16.611462] ip_auto_config+0x258/0x1114\n[ 16.628727] do_one_initcall+0x80/0x1c8\n[ 16.645590] kernel_init_freeable+0x208/0x2f0\n[ 16.664917] kernel_init+0x24/0x1e0\n[ 16.680295] ret_from_fork+0x10/0x20\n[ 16.696369] Code: 927cec03 cb0e0021 8b0e0042 a9411c26 (a900340c)\n[ 16.723106] ---[ end trace 0000000000000000 ]---\n[ 16.752866] Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b\n[ 16.792556] Kernel Offset: 0x3396ea200000 from 0xffff8000800000\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31600",
"url": "https://www.suse.com/security/cve/CVE-2026-31600"
},
{
"category": "external",
"summary": "SUSE Bug 1263721 for CVE-2026-31600",
"url": "https://bugzilla.suse.com/1263721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31600"
},
{
"cve": "CVE-2026-31601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31601"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvfio/xe: Reorganize the init to decouple migration from reset\n\nAttempting to issue reset on VF devices that don\u0027t support migration\nleads to the following:\n\n BUG: unable to handle page fault for address: 00000000000011f8\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP NOPTI\n CPU: 2 UID: 0 PID: 7443 Comm: xe_sriov_flr Tainted: G S U 7.0.0-rc1-lgci-xe-xe-4588-cec43d5c2696af219-nodebug+ #1 PREEMPT(lazy)\n Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n RIP: 0010:xe_sriov_vfio_wait_flr_done+0xc/0x80 [xe]\n Code: ff c3 cc cc cc cc 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 54 53 \u003c83\u003e bf f8 11 00 00 02 75 61 41 89 f4 85 f6 74 52 48 8b 47 08 48 89\n RSP: 0018:ffffc9000f7c39b8 EFLAGS: 00010202\n RAX: ffffffffa04d8660 RBX: ffff88813e3e4000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\n RBP: ffffc9000f7c39c8 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000000 R12: ffff888101a48800\n R13: ffff88813e3e4150 R14: ffff888130d0d008 R15: ffff88813e3e40d0\n FS: 00007877d3d0d940(0000) GS:ffff88890b6d3000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00000000000011f8 CR3: 000000015a762000 CR4: 0000000000f52ef0\n PKRU: 55555554\n Call Trace:\n \u003cTASK\u003e\n xe_vfio_pci_reset_done+0x49/0x120 [xe_vfio_pci]\n pci_dev_restore+0x3b/0x80\n pci_reset_function+0x109/0x140\n reset_store+0x5c/0xb0\n dev_attr_store+0x17/0x40\n sysfs_kf_write+0x72/0x90\n kernfs_fop_write_iter+0x161/0x1f0\n vfs_write+0x261/0x440\n ksys_write+0x69/0xf0\n __x64_sys_write+0x19/0x30\n x64_sys_call+0x259/0x26e0\n do_syscall_64+0xcb/0x1500\n ? __fput+0x1a2/0x2d0\n ? fput_close_sync+0x3d/0xa0\n ? __x64_sys_close+0x3e/0x90\n ? x64_sys_call+0x1b7c/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? __task_pid_nr_ns+0x68/0x100\n ? __do_sys_getpid+0x1d/0x30\n ? x64_sys_call+0x10b5/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? putname+0x41/0x90\n ? do_faccessat+0x1e8/0x300\n ? __x64_sys_access+0x1c/0x30\n ? x64_sys_call+0x1822/0x26e0\n ? do_syscall_64+0x109/0x1500\n ? tick_program_event+0x43/0xa0\n ? hrtimer_interrupt+0x126/0x260\n ? irqentry_exit+0xb2/0x710\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n RIP: 0033:0x7877d5f1c5a4\n Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d a5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 \u003c48\u003e 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89\n RSP: 002b:00007fff48e5f908 EFLAGS: 00000202 ORIG_RAX: 0000000000000001\n RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007877d5f1c5a4\n RDX: 0000000000000001 RSI: 00007877d621b0c9 RDI: 0000000000000009\n RBP: 0000000000000001 R08: 00005fb49113b010 R09: 0000000000000007\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007877d621b0c9\n R13: 0000000000000009 R14: 00007fff48e5fac0 R15: 00007fff48e5fac0\n \u003c/TASK\u003e\n\nThis is caused by the fact that some of the xe_vfio_pci_core_device\nmembers needed for handling reset are only initialized as part of\nmigration init.\n\nFix the problem by reorganizing the code to decouple VF init from\nmigration init.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31601",
"url": "https://www.suse.com/security/cve/CVE-2026-31601"
},
{
"category": "external",
"summary": "SUSE Bug 1263722 for CVE-2026-31601",
"url": "https://bugzilla.suse.com/1263722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31601"
},
{
"cve": "CVE-2026-31602",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31602"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: ctxfi: Limit PTP to a single page\n\nCommit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256\nplayback streams, but the additional pages are not used by the card\ncorrectly. The CT20K2 hardware already has multiple VMEM_PTPAL\nregisters, but using them separately would require refactoring the\nentire virtual memory allocation logic.\n\nct_vm_map() always uses PTEs in vm-\u003eptp[0].area regardless of\nCT_PTP_NUM. On AMD64 systems, a single PTP covers 512 PTEs (2M). When\naggregate memory allocations exceed this limit, ct_vm_map() tries to\naccess beyond the allocated space and causes a page fault:\n\n BUG: unable to handle page fault for address: ffffd4ae8a10a000\n Oops: Oops: 0002 [#1] SMP PTI\n RIP: 0010:ct_vm_map+0x17c/0x280 [snd_ctxfi]\n Call Trace:\n atc_pcm_playback_prepare+0x225/0x3b0\n ct_pcm_playback_prepare+0x38/0x60\n snd_pcm_do_prepare+0x2f/0x50\n snd_pcm_action_single+0x36/0x90\n snd_pcm_action_nonatomic+0xbf/0xd0\n snd_pcm_ioctl+0x28/0x40\n __x64_sys_ioctl+0x97/0xe0\n do_syscall_64+0x81/0x610\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nRevert CT_PTP_NUM to 1. The 256 SRC_RESOURCE_NUM and playback_count\nremain unchanged.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31602",
"url": "https://www.suse.com/security/cve/CVE-2026-31602"
},
{
"category": "external",
"summary": "SUSE Bug 1263723 for CVE-2026-31602",
"url": "https://bugzilla.suse.com/1263723"
},
{
"category": "external",
"summary": "SUSE Bug 1264132 for CVE-2026-31602",
"url": "https://bugzilla.suse.com/1264132"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31602"
},
{
"cve": "CVE-2026-31603",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31603"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: sm750fb: fix division by zero in ps_to_hz()\n\nps_to_hz() is called from hw_sm750_crtc_set_mode() without validating\nthat pixclock is non-zero. A zero pixclock passed via FBIOPUT_VSCREENINFO\ncauses a division by zero.\n\nFix by rejecting zero pixclock in lynxfb_ops_check_var(), consistent\nwith other framebuffer drivers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31603",
"url": "https://www.suse.com/security/cve/CVE-2026-31603"
},
{
"category": "external",
"summary": "SUSE Bug 1263491 for CVE-2026-31603",
"url": "https://bugzilla.suse.com/1263491"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31603"
},
{
"cve": "CVE-2026-31604",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31604"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtw88: fix device leak on probe failure\n\nDriver core holds a reference to the USB interface and its parent USB\ndevice while the interface is bound to a driver and there is no need to\ntake additional references unless the structures are needed after\ndisconnect.\n\nThis driver takes a reference to the USB device during probe but does\nnot to release it on all probe errors (e.g. when descriptor parsing\nfails).\n\nDrop the redundant device reference to fix the leak, reduce cargo\nculting, make it easier to spot drivers where an extra reference is\nneeded, and reduce the risk of further memory leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31604",
"url": "https://www.suse.com/security/cve/CVE-2026-31604"
},
{
"category": "external",
"summary": "SUSE Bug 1263045 for CVE-2026-31604",
"url": "https://bugzilla.suse.com/1263045"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31604"
},
{
"cve": "CVE-2026-31605",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31605"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO\n\nMuch like commit 19f953e74356 (\"fbdev: fb_pm2fb: Avoid potential divide\nby zero error\"), we also need to prevent that same crash from happening\nin the udlfb driver as it uses pixclock directly when dividing, which\nwill crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31605",
"url": "https://www.suse.com/security/cve/CVE-2026-31605"
},
{
"category": "external",
"summary": "SUSE Bug 1263493 for CVE-2026-31605",
"url": "https://bugzilla.suse.com/1263493"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31605"
},
{
"cve": "CVE-2026-31606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_hid: don\u0027t call cdev_init while cdev in use\n\nWhen calling unbind, then bind again, cdev_init reinitialized the cdev,\neven though there may still be references to it. That\u0027s the case when\nthe /dev/hidg* device is still opened. This obviously unsafe behavior\nlike oopes.\n\nThis fixes this by using cdev_alloc to put the cdev on the heap. That\nway, we can simply allocate a new one in hidg_bind.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31606",
"url": "https://www.suse.com/security/cve/CVE-2026-31606"
},
{
"category": "external",
"summary": "SUSE Bug 1263591 for CVE-2026-31606",
"url": "https://bugzilla.suse.com/1263591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31606"
},
{
"cve": "CVE-2026-31607",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31607"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusbip: validate number_of_packets in usbip_pack_ret_submit()\n\nWhen a USB/IP client receives a RET_SUBMIT response,\nusbip_pack_ret_submit() unconditionally overwrites\nurb-\u003enumber_of_packets from the network PDU. This value is\nsubsequently used as the loop bound in usbip_recv_iso() and\nusbip_pad_iso() to iterate over urb-\u003eiso_frame_desc[], a flexible\narray whose size was fixed at URB allocation time based on the\n*original* number_of_packets from the CMD_SUBMIT.\n\nA malicious USB/IP server can set number_of_packets in the response\nto a value larger than what was originally submitted, causing a heap\nout-of-bounds write when usbip_recv_iso() writes to\nurb-\u003eiso_frame_desc[i] beyond the allocated region.\n\nKASAN confirmed this with kernel 7.0.0-rc5:\n\n BUG: KASAN: slab-out-of-bounds in usbip_recv_iso+0x46a/0x640\n Write of size 4 at addr ffff888106351d40 by task vhci_rx/69\n\n The buggy address is located 0 bytes to the right of\n allocated 320-byte region [ffff888106351c00, ffff888106351d40)\n\nThe server side (stub_rx.c) and gadget side (vudc_rx.c) already\nvalidate number_of_packets in the CMD_SUBMIT path since commits\nc6688ef9f297 (\"usbip: fix stub_rx: harden CMD_SUBMIT path to handle\nmalicious input\") and b78d830f0049 (\"usbip: fix vudc_rx: harden\nCMD_SUBMIT path to handle malicious input\"). The server side validates\nagainst USBIP_MAX_ISO_PACKETS because no URB exists yet at that point.\nOn the client side we have the original URB, so we can use the tighter\nbound: the response must not exceed the original number_of_packets.\n\nThis mirrors the existing validation of actual_length against\ntransfer_buffer_length in usbip_recv_xbuff(), which checks the\nresponse value against the original allocation size.\n\nKelvin Mbogo\u0027s series (\"usb: usbip: fix integer overflow in\nusbip_recv_iso()\", v2) hardens the receive-side functions themselves;\nthis patch complements that work by catching the bad value at its\nsource -- in usbip_pack_ret_submit() before the overwrite -- and\nusing the tighter per-URB allocation bound rather than the global\nUSBIP_MAX_ISO_PACKETS limit.\n\nFix this by checking rpdu-\u003enumber_of_packets against\nurb-\u003enumber_of_packets in usbip_pack_ret_submit() before the\noverwrite. On violation, clamp to zero so that usbip_recv_iso() and\nusbip_pad_iso() safely return early.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31607",
"url": "https://www.suse.com/security/cve/CVE-2026-31607"
},
{
"category": "external",
"summary": "SUSE Bug 1263600 for CVE-2026-31607",
"url": "https://bugzilla.suse.com/1263600"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31607"
},
{
"cve": "CVE-2026-31608",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31608"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()\n\nsmb_direct_flush_send_list() already calls smb_direct_free_sendmsg(),\nso we should not call it again after post_sendmsg()\nmoved it to the batch list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31608",
"url": "https://www.suse.com/security/cve/CVE-2026-31608"
},
{
"category": "external",
"summary": "SUSE Bug 1263664 for CVE-2026-31608",
"url": "https://bugzilla.suse.com/1263664"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31608"
},
{
"cve": "CVE-2026-31609",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31609"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush()\n\nsmbd_send_batch_flush() already calls smbd_free_send_io(),\nso we should not call it again after smbd_post_send()\nmoved it to the batch list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31609",
"url": "https://www.suse.com/security/cve/CVE-2026-31609"
},
{
"category": "external",
"summary": "SUSE Bug 1263663 for CVE-2026-31609",
"url": "https://bugzilla.suse.com/1263663"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31609"
},
{
"cve": "CVE-2026-31610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31610"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix mechToken leak when SPNEGO decode fails after token alloc\n\nThe kernel ASN.1 BER decoder calls action callbacks incrementally as it\nwalks the input. When ksmbd_decode_negTokenInit() reaches the mechToken\n[2] OCTET STRING element, ksmbd_neg_token_alloc() allocates\nconn-\u003emechToken immediately via kmemdup_nul(). If a later element in\nthe same blob is malformed, then the decoder will return nonzero after\nthe allocation is already live. This could happen if mechListMIC [3]\noverrunse the enclosing SEQUENCE.\n\ndecode_negotiation_token() then sets conn-\u003euse_spnego = false because\nboth the negTokenInit and negTokenTarg grammars failed. The cleanup at\nthe bottom of smb2_sess_setup() is gated on use_spnego:\n\n\tif (conn-\u003euse_spnego \u0026\u0026 conn-\u003emechToken) {\n\t\tkfree(conn-\u003emechToken);\n\t\tconn-\u003emechToken = NULL;\n\t}\n\nso the kfree is skipped, causing the mechToken to never be freed.\n\nThis codepath is reachable pre-authentication, so untrusted clients can\ncause slow memory leaks on a server without even being properly\nauthenticated.\n\nFix this up by not checking check for use_spnego, as it\u0027s not required,\nso the memory will always be properly freed. At the same time, always\nfree the memory in ksmbd_conn_free() incase some other failure path\nforgot to free it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31610",
"url": "https://www.suse.com/security/cve/CVE-2026-31610"
},
{
"category": "external",
"summary": "SUSE Bug 1263046 for CVE-2026-31610",
"url": "https://bugzilla.suse.com/1263046"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31610"
},
{
"cve": "CVE-2026-31611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31611"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: require 3 sub-authorities before reading sub_auth[2]\n\nparse_dacl() compares each ACE SID against sid_unix_NFS_mode and on\nmatch reads sid.sub_auth[2] as the file mode. If sid_unix_NFS_mode is\nthe prefix S-1-5-88-3 with num_subauth = 2 then compare_sids() compares\nonly min(num_subauth, 2) sub-authorities so a client SID with\nnum_subauth = 2 and sub_auth = {88, 3} will match.\n\nIf num_subauth = 2 and the ACE is placed at the very end of the security\ndescriptor, sub_auth[2] will be 4 bytes past end_of_acl. The\nout-of-band bytes will then be masked to the low 9 bits and applied as\nthe file\u0027s POSIX mode, probably not something that is good to have\nhappen.\n\nFix this up by forcing the SID to actually carry a third sub-authority\nbefore reading it at all.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31611",
"url": "https://www.suse.com/security/cve/CVE-2026-31611"
},
{
"category": "external",
"summary": "SUSE Bug 1263763 for CVE-2026-31611",
"url": "https://bugzilla.suse.com/1263763"
},
{
"category": "external",
"summary": "SUSE Bug 1263764 for CVE-2026-31611",
"url": "https://bugzilla.suse.com/1263764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31611"
},
{
"cve": "CVE-2026-31612",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31612"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate EaNameLength in smb2_get_ea()\n\nsmb2_get_ea() reads ea_req-\u003eEaNameLength from the client request and\npasses it directly to strncmp() as the comparison length without\nverifying that the length of the name really is the size of the input\nbuffer received.\n\nFix this up by properly checking the size of the name based on the value\nreceived and the overall size of the request, to prevent a later\nstrncmp() call to use the length as a \"trusted\" size of the buffer.\nWithout this check, uninitialized heap values might be slowly leaked to\nthe client.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31612",
"url": "https://www.suse.com/security/cve/CVE-2026-31612"
},
{
"category": "external",
"summary": "SUSE Bug 1263768 for CVE-2026-31612",
"url": "https://bugzilla.suse.com/1263768"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31612"
},
{
"cve": "CVE-2026-31613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOB reads parsing symlink error response\n\nWhen a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message()\nreturns success without any length validation, leaving the symlink\nparsers as the only defense against an untrusted server.\n\nsymlink_data() walks SMB 3.1.1 error contexts with the loop test \"p \u003c\nend\", but reads p-\u003eErrorId at offset 4 and p-\u003eErrorDataLength at offset\n0. When the server-controlled ErrorDataLength advances p to within 1-7\nbytes of end, the next iteration will read past it. When the matching\ncontext is found, sym-\u003eSymLinkErrorTag is read at offset 4 from\np-\u003eErrorContextData with no check that the symlink header itself fits.\n\nsmb2_parse_symlink_response() then bounds-checks the substitute name\nusing SMB2_SYMLINK_STRUCT_SIZE as the offset of PathBuffer from\niov_base. That value is computed as sizeof(smb2_err_rsp) +\nsizeof(smb2_symlink_err_rsp), which is correct only when\nErrorContextCount == 0.\n\nWith at least one error context the symlink data sits 8 bytes deeper,\nand each skipped non-matching context shifts it further by 8 +\nALIGN(ErrorDataLength, 8). The check is too short, allowing the\nsubstitute name read to run past iov_len. The out-of-bound heap bytes\nare UTF-16-decoded into the symlink target and returned to userspace via\nreadlink(2).\n\nFix this all up by making the loops test require the full context header\nto fit, rejecting sym if its header runs past end, and bound the\nsubstitute name against the actual position of sym-\u003ePathBuffer rather\nthan a fixed offset.\n\nBecause sub_offs and sub_len are 16bits, the pointer math will not\noverflow here with the new greater-than.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31613",
"url": "https://www.suse.com/security/cve/CVE-2026-31613"
},
{
"category": "external",
"summary": "SUSE Bug 1263769 for CVE-2026-31613",
"url": "https://bugzilla.suse.com/1263769"
},
{
"category": "external",
"summary": "SUSE Bug 1263770 for CVE-2026-31613",
"url": "https://bugzilla.suse.com/1263770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31613"
},
{
"cve": "CVE-2026-31614",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31614"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix off-by-8 bounds check in check_wsl_eas()\n\nThe bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA\nname and value, but ea_data sits at offset sizeof(struct\nsmb2_file_full_ea_info) = 8 from ea, not at offset 0. The strncmp()\nlater reads ea-\u003eea_data[0..nlen-1] and the value bytes follow at\nea_data[nlen+1..nlen+vlen], so the actual end is ea-\u003eea_data + nlen + 1\n+ vlen. Isn\u0027t pointer math fun?\n\nThe earlier check (u8 *)ea \u003e end - sizeof(*ea) only guarantees the\n8-byte header is in bounds, but since the last EA is placed within 8\nbytes of the end of the response, the name and value bytes are read past\nthe end of iov.\n\nFix this mess all up by using ea-\u003eea_data as the base for the bounds\ncheck.\n\nAn \"untrusted\" server can use this to leak up to 8 bytes of kernel heap\ninto the EA name comparison and influence which WSL xattr the data is\ninterpreted as.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31614",
"url": "https://www.suse.com/security/cve/CVE-2026-31614"
},
{
"category": "external",
"summary": "SUSE Bug 1263774 for CVE-2026-31614",
"url": "https://bugzilla.suse.com/1263774"
},
{
"category": "external",
"summary": "SUSE Bug 1263775 for CVE-2026-31614",
"url": "https://bugzilla.suse.com/1263775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31614"
},
{
"cve": "CVE-2026-31615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31615"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: renesas_usb3: validate endpoint index in standard request handlers\n\nThe GET_STATUS and SET/CLEAR_FEATURE handlers extract the endpoint\nnumber from the host-supplied wIndex without any sort of validation.\nFix this up by validating the number of endpoints actually match up with\nthe number the device has before attempting to dereference a pointer\nbased on this math.\n\nThis is just like what was done in commit ee0d382feb44 (\"usb: gadget:\naspeed_udc: validate endpoint index for ast udc\") for the aspeed driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31615",
"url": "https://www.suse.com/security/cve/CVE-2026-31615"
},
{
"category": "external",
"summary": "SUSE Bug 1263776 for CVE-2026-31615",
"url": "https://bugzilla.suse.com/1263776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31615"
},
{
"cve": "CVE-2026-31616",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31616"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete()\n\nA broken/bored/mean USB host can overflow the skb_shared_info-\u003efrags[]\narray on a Linux gadget exposing a Phonet function by sending an\nunbounded sequence of full-page OUT transfers.\n\npn_rx_complete() finalizes the skb only when req-\u003eactual \u003c req-\u003elength,\nwhere req-\u003elength is set to PAGE_SIZE by the gadget. If the host always\nsends exactly PAGE_SIZE bytes per transfer, fp-\u003erx.skb will never be\nreset and each completion will add another fragment via\nskb_add_rx_frag(). Once nr_frags exceeds MAX_SKB_FRAGS (default 17),\nsubsequent frag stores overwrite memory adjacent to the shinfo on the\nheap.\n\nDrop the skb and account a length error when the frag limit is reached,\nmatching the fix applied in t7xx by commit f0813bcd2d9d (\"net: wwan:\nt7xx: fix potential skb-\u003efrags overflow in RX path\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31616",
"url": "https://www.suse.com/security/cve/CVE-2026-31616"
},
{
"category": "external",
"summary": "SUSE Bug 1263777 for CVE-2026-31616",
"url": "https://bugzilla.suse.com/1263777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31616"
},
{
"cve": "CVE-2026-31617",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31617"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb()\n\nThe block_len read from the host-supplied NTB header is checked against\nntb_max but has no lower bound. When block_len is smaller than\nopts-\u003endp_size, the bounds check of:\n\tndp_index \u003e (block_len - opts-\u003endp_size)\nwill underflow producing a huge unsigned value that ndp_index can never\nexceed, defeating the check entirely.\n\nThe same underflow occurs in the datagram index checks against block_len\n- opts-\u003edpe_size. With those checks neutered, a malicious USB host can\nchoose ndp_index and datagram offsets that point past the actual\ntransfer, and the skb_put_data() copies adjacent kernel memory into the\nnetwork skb.\n\nFix this by rejecting block lengths that cannot hold at least the NTB\nheader plus one NDP. This will make block_len - opts-\u003endp_size and\nblock_len - opts-\u003edpe_size both well-defined.\n\nCommit 8d2b1a1ec9f5 (\"CDC-NCM: avoid overflow in sanity checking\") fixed\na related class of issues on the host side of NCM.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31617",
"url": "https://www.suse.com/security/cve/CVE-2026-31617"
},
{
"category": "external",
"summary": "SUSE Bug 1263780 for CVE-2026-31617",
"url": "https://bugzilla.suse.com/1263780"
},
{
"category": "external",
"summary": "SUSE Bug 1263781 for CVE-2026-31617",
"url": "https://bugzilla.suse.com/1263781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31617"
},
{
"cve": "CVE-2026-31618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31618"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO\n\nMuch like commit 19f953e74356 (\"fbdev: fb_pm2fb: Avoid potential divide\nby zero error\"), we also need to prevent that same crash from happening\nin the udlfb driver as it uses pixclock directly when dividing, which\nwill crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31618",
"url": "https://www.suse.com/security/cve/CVE-2026-31618"
},
{
"category": "external",
"summary": "SUSE Bug 1263785 for CVE-2026-31618",
"url": "https://bugzilla.suse.com/1263785"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31618"
},
{
"cve": "CVE-2026-31619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31619"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: fireworks: bound device-supplied status before string array lookup\n\nThe status field in an EFW response is a 32-bit value supplied by the\nfirewire device. efr_status_names[] has 17 entries so a status value\noutside that range goes off into the weeds when looking at the %s value.\n\nEven worse, the status could return EFR_STATUS_INCOMPLETE which is\n0x80000000, and is obviously not in that array of potential strings.\n\nFix this up by properly bounding the index against the array size and\nprinting \"unknown\" if it\u0027s not recognized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31619",
"url": "https://www.suse.com/security/cve/CVE-2026-31619"
},
{
"category": "external",
"summary": "SUSE Bug 1263806 for CVE-2026-31619",
"url": "https://bugzilla.suse.com/1263806"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31619"
},
{
"cve": "CVE-2026-31620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31620"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: usx2y: us144mkii: fix NULL deref on missing interface 0\n\nA malicious USB device with the TASCAM US-144MKII device id can have a\nconfiguration containing bInterfaceNumber=1 but no interface 0. USB\nconfiguration descriptors are not required to assign interface numbers\nsequentially, so usb_ifnum_to_if(dev, 0) returns will NULL, which will\nthen be dereferenced directly.\n\nFix this up by checking the return value properly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31620",
"url": "https://www.suse.com/security/cve/CVE-2026-31620"
},
{
"category": "external",
"summary": "SUSE Bug 1263029 for CVE-2026-31620",
"url": "https://bugzilla.suse.com/1263029"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31620"
},
{
"cve": "CVE-2026-31621",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31621"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbnge: return after auxiliary_device_uninit() in error path\n\nWhen auxiliary_device_add() fails, the error block calls\nauxiliary_device_uninit() but does not return. The uninit drops the\nlast reference and synchronously runs bnge_aux_dev_release(), which sets\nbd-\u003eauxr_dev = NULL and frees the underlying object. The subsequent\nbd-\u003eauxr_dev-\u003enet = bd-\u003enetdev then dereferences NULL, which is not a\ngood thing to have happen when trying to clean up from an error.\n\nAdd the missing return, as the auxiliary bus documentation states is a\nrequirement (seems that LLM tools read documentation better than humans\ndo...)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31621",
"url": "https://www.suse.com/security/cve/CVE-2026-31621"
},
{
"category": "external",
"summary": "SUSE Bug 1263771 for CVE-2026-31621",
"url": "https://bugzilla.suse.com/1263771"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31621"
},
{
"cve": "CVE-2026-31622",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31622"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFC: digital: Bounds check NFC-A cascade depth in SDD response handler\n\nThe NFC-A anti-collision cascade in digital_in_recv_sdd_res() appends 3\nor 4 bytes to target-\u003enfcid1 on each round, but the number of cascade\nrounds is controlled entirely by the peer device. The peer sets the\ncascade tag in the SDD_RES (deciding 3 vs 4 bytes) and the\ncascade-incomplete bit in the SEL_RES (deciding whether another round\nfollows).\n\nISO 14443-3 limits NFC-A to three cascade levels and target-\u003enfcid1 is\nsized accordingly (NFC_NFCID1_MAXSIZE = 10), but nothing in the driver\nactually enforces this. This means a malicious peer can keep the\ncascade running, writing past the heap-allocated nfc_target with each\nround.\n\nFix this by rejecting the response when the accumulated UID would exceed\nthe buffer.\n\nCommit e329e71013c9 (\"NFC: nci: Bounds check struct nfc_target arrays\")\nfixed similar missing checks against the same field on the NCI path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31622",
"url": "https://www.suse.com/security/cve/CVE-2026-31622"
},
{
"category": "external",
"summary": "SUSE Bug 1263797 for CVE-2026-31622",
"url": "https://bugzilla.suse.com/1263797"
},
{
"category": "external",
"summary": "SUSE Bug 1263798 for CVE-2026-31622",
"url": "https://bugzilla.suse.com/1263798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31622"
},
{
"cve": "CVE-2026-31623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31623"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: usb: cdc-phonet: fix skb frags[] overflow in rx_complete()\n\nA malicious USB device claiming to be a CDC Phonet modem can overflow\nthe skb_shared_info-\u003efrags[] array by sending an unbounded sequence of\nfull-page bulk transfers.\n\nDrop the skb and increment the length error when the frag limit is\nreached. This matches the same fix that commit f0813bcd2d9d (\"net:\nwwan: t7xx: fix potential skb-\u003efrags overflow in RX path\") did for the\nt7xx driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31623",
"url": "https://www.suse.com/security/cve/CVE-2026-31623"
},
{
"category": "external",
"summary": "SUSE Bug 1263778 for CVE-2026-31623",
"url": "https://bugzilla.suse.com/1263778"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31623"
},
{
"cve": "CVE-2026-31624",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31624"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: clamp report_size in s32ton() to avoid undefined shift\n\ns32ton() shifts by n-1 where n is the field\u0027s report_size, a value that\ncomes directly from a HID device. The HID parser bounds report_size\nonly to \u003c= 256, so a broken HID device can supply a report descriptor\nwith a wide field that triggers shift exponents up to 256 on a 32-bit\ntype when an output report is built via hid_output_field() or\nhid_set_field().\n\nCommit ec61b41918587 (\"HID: core: fix shift-out-of-bounds in\nhid_report_raw_event\") added the same n \u003e 32 clamp to the function\nsnto32(), but s32ton() was never given the same fix as I guess syzbot\nhadn\u0027t figured out how to fuzz a device the same way.\n\nFix this up by just clamping the max value of n, just like snto32()\ndoes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31624",
"url": "https://www.suse.com/security/cve/CVE-2026-31624"
},
{
"category": "external",
"summary": "SUSE Bug 1263657 for CVE-2026-31624",
"url": "https://bugzilla.suse.com/1263657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31624"
},
{
"cve": "CVE-2026-31625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31625"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: alps: fix NULL pointer dereference in alps_raw_event()\n\nCommit ecfa6f34492c (\"HID: Add HID_CLAIMED_INPUT guards in raw_event\ncallbacks missing them\") attempted to fix up the HID drivers that had\nmissed the previous fix that was done in 2ff5baa9b527 (\"HID: appleir:\nFix potential NULL dereference at raw event handle\"), but the alps\ndriver was missed.\n\nFix this up by properly checking in the hid-alps driver that it had been\nclaimed correctly before attempting to process the raw event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31625",
"url": "https://www.suse.com/security/cve/CVE-2026-31625"
},
{
"category": "external",
"summary": "SUSE Bug 1263030 for CVE-2026-31625",
"url": "https://bugzilla.suse.com/1263030"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31625"
},
{
"cve": "CVE-2026-31626",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31626"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify()\n\nInitialize le_tmp64 to zero in rtw_BIP_verify() to prevent using\nuninitialized data.\n\nSmatch warns that only 6 bytes are copied to this 8-byte (u64)\nvariable, leaving the last two bytes uninitialized:\n\ndrivers/staging/rtl8723bs/core/rtw_security.c:1308 rtw_BIP_verify()\nwarn: not copying enough bytes for \u0027\u0026le_tmp64\u0027 (8 vs 6 bytes)\n\nInitializing the variable at the start of the function fixes this\nwarning and ensures predictable behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31626",
"url": "https://www.suse.com/security/cve/CVE-2026-31626"
},
{
"category": "external",
"summary": "SUSE Bug 1263782 for CVE-2026-31626",
"url": "https://bugzilla.suse.com/1263782"
},
{
"category": "external",
"summary": "SUSE Bug 1263784 for CVE-2026-31626",
"url": "https://bugzilla.suse.com/1263784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31626"
},
{
"cve": "CVE-2026-31627",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31627"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: s3c24xx: check the size of the SMBUS message before using it\n\nThe first byte of an i2c SMBUS message is the size, and it should be\nverified to ensure that it is in the range of 0..I2C_SMBUS_BLOCK_MAX\nbefore processing it.\n\nThis is the same logic that was added in commit a6e04f05ce0b (\"i2c:\ntegra: check msg length in SMBUS block read\") to the i2c tegra driver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31627",
"url": "https://www.suse.com/security/cve/CVE-2026-31627"
},
{
"category": "external",
"summary": "SUSE Bug 1263786 for CVE-2026-31627",
"url": "https://bugzilla.suse.com/1263786"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31627"
},
{
"cve": "CVE-2026-31628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31628"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/CPU: Fix FPDSS on Zen1\n\nZen1\u0027s hardware divider can leave, under certain circumstances, partial\nresults from previous operations. Those results can be leaked by\nanother, attacker thread.\n\nFix that with a chicken bit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31628",
"url": "https://www.suse.com/security/cve/CVE-2026-31628"
},
{
"category": "external",
"summary": "SUSE Bug 1263788 for CVE-2026-31628",
"url": "https://bugzilla.suse.com/1263788"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31628"
},
{
"cve": "CVE-2026-31629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31629"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: add missing return after LLCP_CLOSED checks\n\nIn nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket\nstate is LLCP_CLOSED, the code correctly calls release_sock() and\nnfc_llcp_sock_put() but fails to return. Execution falls through to\nthe remainder of the function, which calls release_sock() and\nnfc_llcp_sock_put() again. This results in a double release_sock()\nand a refcount underflow via double nfc_llcp_sock_put(), leading to\na use-after-free.\n\nAdd the missing return statements after the LLCP_CLOSED branches\nin both functions to prevent the fall-through.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31629",
"url": "https://www.suse.com/security/cve/CVE-2026-31629"
},
{
"category": "external",
"summary": "SUSE Bug 1263790 for CVE-2026-31629",
"url": "https://bugzilla.suse.com/1263790"
},
{
"category": "external",
"summary": "SUSE Bug 1263791 for CVE-2026-31629",
"url": "https://bugzilla.suse.com/1263791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2026-31629"
},
{
"cve": "CVE-2026-31686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31686"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/kasan: fix double free for kasan pXds\n\nkasan_free_pxd() assumes the page table is always struct page aligned. \nBut that\u0027s not always the case for all architectures. E.g. In case of\npowerpc with 64K pagesize, PUD table (of size 4096) comes from slab cache\nnamed pgtable-2^9. Hence instead of page_to_virt(pxd_page()) let\u0027s just\ndirectly pass the start of the pxd table which is passed as the 1st\nargument.\n\nThis fixes the below double free kasan issue seen with PMEM:\n\nradix-mmu: Mapped 0x0000047d10000000-0x0000047f90000000 with 2.00 MiB pages\n==================================================================\nBUG: KASAN: double-free in kasan_remove_zero_shadow+0x9c4/0xa20\nFree of addr c0000003c38e0000 by task ndctl/2164\n\nCPU: 34 UID: 0 PID: 2164 Comm: ndctl Not tainted 6.19.0-rc1-00048-gea1013c15392 #157 VOLUNTARY\nHardware name: IBM,9080-HEX POWER10 (architected) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_012) hv:phyp pSeries\nCall Trace:\n dump_stack_lvl+0x88/0xc4 (unreliable)\n print_report+0x214/0x63c\n kasan_report_invalid_free+0xe4/0x110\n check_slab_allocation+0x100/0x150\n kmem_cache_free+0x128/0x6e0\n kasan_remove_zero_shadow+0x9c4/0xa20\n memunmap_pages+0x2b8/0x5c0\n devm_action_release+0x54/0x70\n release_nodes+0xc8/0x1a0\n devres_release_all+0xe0/0x140\n device_unbind_cleanup+0x30/0x120\n device_release_driver_internal+0x3e4/0x450\n unbind_store+0xfc/0x110\n drv_attr_store+0x78/0xb0\n sysfs_kf_write+0x114/0x140\n kernfs_fop_write_iter+0x264/0x3f0\n vfs_write+0x3bc/0x7d0\n ksys_write+0xa4/0x190\n system_call_exception+0x190/0x480\n system_call_vectored_common+0x15c/0x2ec\n---- interrupt: 3000 at 0x7fff93b3d3f4\nNIP: 00007fff93b3d3f4 LR: 00007fff93b3d3f4 CTR: 0000000000000000\nREGS: c0000003f1b07e80 TRAP: 3000 Not tainted (6.19.0-rc1-00048-gea1013c15392)\nMSR: 800000000280f033 \u003cSF,VEC,VSX,EE,PR,FP,ME,IR,DR,RI,LE\u003e CR: 48888208 XER: 00000000\n\u003c...\u003e\nNIP [00007fff93b3d3f4] 0x7fff93b3d3f4\nLR [00007fff93b3d3f4] 0x7fff93b3d3f4\n---- interrupt: 3000\n\n The buggy address belongs to the object at c0000003c38e0000\n which belongs to the cache pgtable-2^9 of size 4096\n The buggy address is located 0 bytes inside of\n 4096-byte region [c0000003c38e0000, c0000003c38e1000)\n\n The buggy address belongs to the physical page:\n page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3c38c\n head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0\n memcg:c0000003bfd63e01\n flags: 0x63ffff800000040(head|node=6|zone=0|lastcpupid=0x7ffff)\n page_type: f5(slab)\n raw: 063ffff800000040 c000000140058980 5deadbeef0000122 0000000000000000\n raw: 0000000000000000 0000000080200020 00000000f5000000 c0000003bfd63e01\n head: 063ffff800000040 c000000140058980 5deadbeef0000122 0000000000000000\n head: 0000000000000000 0000000080200020 00000000f5000000 c0000003bfd63e01\n head: 063ffff800000002 c00c000000f0e301 00000000ffffffff 00000000ffffffff\n head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004\n page dumped because: kasan: bad access detected\n\n[ 138.953636] [ T2164] Memory state around the buggy address:\n[ 138.953643] [ T2164] c0000003c38dff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 138.953652] [ T2164] c0000003c38dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 138.953661] [ T2164] \u003ec0000003c38e0000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 138.953669] [ T2164] ^\n[ 138.953675] [ T2164] c0000003c38e0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 138.953684] [ T2164] c0000003c38e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc\n[ 138.953692] [ T2164] ==================================================================\n[ 138.953701] [ T2164] Disabling lock debugging due to kernel taint",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31686",
"url": "https://www.suse.com/security/cve/CVE-2026-31686"
},
{
"category": "external",
"summary": "SUSE Bug 1263597 for CVE-2026-31686",
"url": "https://bugzilla.suse.com/1263597"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31686"
},
{
"cve": "CVE-2026-31786",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31786"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBuffer overflow in drivers/xen/sys-hypervisor.c\n\nThe build id returned by HYPERVISOR_xen_version(XENVER_build_id) is\nneither NUL terminated nor a string.\n\nThe first causes a buffer overflow as sprintf in buildid_show will\nread and copy till it finds a NUL.\n\n00000000 f4 91 51 f4 dd 38 9e 9d 65 47 52 eb 10 71 db 50 |..Q..8..eGR..q.P|\n00000010 b9 a8 01 42 6f 2e 32 |...Bo.2|\n00000017\n\nSo use a memcpy instead of sprintf to have the correct value:\n\n00000000 f4 91 51 f4 dd 00 9e 9d 65 47 52 eb 10 71 db 50 |..Q.....eGR..q.P|\n00000010 b9 a8 01 42 |...B|\n00000014\n\n(the above have a hack to embed a zero inside and check it\u0027s\nreturned correctly).\n\nThis is XSA-485 / CVE-2026-31786",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31786",
"url": "https://www.suse.com/security/cve/CVE-2026-31786"
},
{
"category": "external",
"summary": "SUSE Bug 1262179 for CVE-2026-31786",
"url": "https://bugzilla.suse.com/1262179"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31786"
},
{
"cve": "CVE-2026-31787",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31787"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: fix double free via VMA splitting\n\nprivcmd_vm_ops defines .close (privcmd_close), but neither .may_split\nnor .open. When userspace does a partial munmap() on a privcmd mapping,\nthe kernel splits the VMA via __split_vma(). Since may_split is NULL,\nthe split is allowed. vm_area_dup() copies vm_private_data (a pages\narray allocated in alloc_empty_pages()) into the new VMA without any\nfixup, because there is no .open callback.\n\nBoth VMAs now point to the same pages array. When the unmapped portion\nis closed, privcmd_close() calls:\n - xen_unmap_domain_gfn_range()\n - xen_free_unpopulated_pages()\n - kvfree(pages)\n\nThe surviving VMA still holds the dangling pointer. When it is later\ndestroyed, the same sequence runs again, which leads to a double free.\n\nFix this issue by adding a .may_split callback denying the VMA split.\n\nThis is XSA-487 / CVE-2026-31787",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31787",
"url": "https://www.suse.com/security/cve/CVE-2026-31787"
},
{
"category": "external",
"summary": "SUSE Bug 1262181 for CVE-2026-31787",
"url": "https://bugzilla.suse.com/1262181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-7.0.3-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-7.0.3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-05-06T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2026-31787"
}
]
}
GHSA-9H3V-WRPM-Q7M5
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 21:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
media: hackrf: fix to not free memory after the device is registered in hackrf_probe()
In hackrf driver, the following race condition occurs:
CPU0 CPU1
hackrf_probe()
kzalloc(); // alloc hackrf_dev
....
v4l2_device_register();
....
fd = sys_open("/path/to/dev"); // open hackrf fd
....
v4l2_device_unregister();
....
kfree(); // free hackrf_dev
....
sys_ioctl(fd, ...);
v4l2_ioctl();
video_is_registered() // UAF!!
....
sys_close(fd);
v4l2_release() // UAF!!
hackrf_video_release()
kfree(); // DFB!!
When a V4L2 or video device is unregistered, the device node is removed so new open() calls are blocked.
However, file descriptors that are already open-and any in-flight I/O-do not terminate immediately; they remain valid until the last reference is dropped and the driver's release() is invoked.
Therefore, freeing device memory on the error path after hackrf_probe() has registered dev it will lead to a race to use-after-free vuln, since those already-open handles haven't been released yet.
And since release() free memory too, race to use-after-free and double-free vuln occur.
To prevent this, if device is registered from probe(), it should be modified to free memory only through release() rather than calling kfree() directly.
Severity ?
7.8 (High)
{
"affected": [],
"aliases": [
"CVE-2026-31576"
],
"database_specific": {
"cwe_ids": [
"CWE-416"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:32Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: hackrf: fix to not free memory after the device is registered in hackrf_probe()\n\nIn hackrf driver, the following race condition occurs:\n```\n\t\tCPU0\t\t\t\t\t\tCPU1\nhackrf_probe()\n kzalloc(); // alloc hackrf_dev\n ....\n v4l2_device_register();\n ....\n\t\t\t\t\t\tfd = sys_open(\"/path/to/dev\"); // open hackrf fd\n\t\t\t\t\t\t....\n v4l2_device_unregister();\n ....\n kfree(); // free hackrf_dev\n ....\n\t\t\t\t\t\tsys_ioctl(fd, ...);\n\t\t\t\t\t\t v4l2_ioctl();\n\t\t\t\t\t\t video_is_registered() // UAF!!\n\t\t\t\t\t\t....\n\t\t\t\t\t\tsys_close(fd);\n\t\t\t\t\t\t v4l2_release() // UAF!!\n\t\t\t\t\t\t hackrf_video_release()\n\t\t\t\t\t\t kfree(); // DFB!!\n```\n\nWhen a V4L2 or video device is unregistered, the device node is removed so\nnew open() calls are blocked.\n\nHowever, file descriptors that are already open-and any in-flight I/O-do\nnot terminate immediately; they remain valid until the last reference is\ndropped and the driver\u0027s release() is invoked.\n\nTherefore, freeing device memory on the error path after hackrf_probe()\nhas registered dev it will lead to a race to use-after-free vuln, since\nthose already-open handles haven\u0027t been released yet.\n\nAnd since release() free memory too, race to use-after-free and\ndouble-free vuln occur.\n\nTo prevent this, if device is registered from probe(), it should be\nmodified to free memory only through release() rather than calling\nkfree() directly.",
"id": "GHSA-9h3v-wrpm-q7m5",
"modified": "2026-04-27T21:30:47Z",
"published": "2026-04-24T15:32:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31576"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/07e9e674b6146b1f6fc41b1f54b8968bf2802824"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2145c71a8044362e82e9923f001ba2aeb771b848"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3b7da2b4d0fe014eff181ed37e3bf832eb8ed258"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/45cbaf5c7cdc5386d86377f0daf94a17a007fed0"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/98a0a81ce78020c2522e0046f49d200de9778cb9"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/fcd1d70792a35c8a97414fe429f48311e41269c2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…