ovmf (SUSE:Linux Enterprise Server 16.0) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 16.0 package ovmf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-25835 — CVSS 7.7 (high): Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).
CVE-2026-25833 — CVSS 7.5 (high): Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
CVE-2026-34874 — CVSS 7.5 (high): An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing…