SUSE: CVE-2025-30472: SUSE Linux Security Advisory
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Jun 1, 2025 | Dec 5, 2025 | Dec 5, 2025 |
Description
Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Solutions
- suse-upgrade-corosync
- suse-upgrade-corosync-qdevice
- suse-upgrade-corosync-qnetd
- suse-upgrade-corosync-testagents
- suse-upgrade-libcfg6
- suse-upgrade-libcfg6-32bit
- suse-upgrade-libcmap4
- suse-upgrade-libcmap4-32bit
- suse-upgrade-libcorosync-devel
- suse-upgrade-libcorosync_common4
- suse-upgrade-libcorosync_common4-32bit
- suse-upgrade-libcpg4
- suse-upgrade-libcpg4-32bit
- suse-upgrade-libquorum5
- suse-upgrade-libquorum5-32bit
- suse-upgrade-libsam4
- suse-upgrade-libsam4-32bit
- suse-upgrade-libtotem_pg5
- suse-upgrade-libtotem_pg5-32bit
- suse-upgrade-libvotequorum8
- suse-upgrade-libvotequorum8-32bit