Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-23335 (GCVE-0-2026-23335)
Vulnerability from cvelistv5 – Published: 2026-03-25 10:27 – Updated: 2026-04-18 08:57
VLAI?
EPSS
Title
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
struct irdma_create_ah_resp { // 8 bytes, no padding
__u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx)
__u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK
};
rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().
The reserved members of the structure were not zeroed.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
b48c24c2d710cf34810c555dcef883a3d35a9c08 , < 1f70df004fdd944653013ccc2e1dfd472a693b46
(git)
Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < 14b47c07c69930254f549a17ee245c80a65b1609 (git) Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < 1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8 (git) Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < 2fd37450d271d74b3847baed284f9cfdf198c6f8 (git) Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < cfe962216c164fe2b1c1fb6ac925a7413f5abc84 (git) Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < c9bd0007c4bdb7806bbd323287e50f9cf467c51a (git) Affected: b48c24c2d710cf34810c555dcef883a3d35a9c08 , < 74586c6da9ea222a61c98394f2fc0a604748438c (git) |
|||||||
|
|||||||||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "1f70df004fdd944653013ccc2e1dfd472a693b46",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "14b47c07c69930254f549a17ee245c80a65b1609",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "2fd37450d271d74b3847baed284f9cfdf198c6f8",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "cfe962216c164fe2b1c1fb6ac925a7413f5abc84",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "c9bd0007c4bdb7806bbd323287e50f9cf467c51a",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
},
{
"lessThan": "74586c6da9ea222a61c98394f2fc0a604748438c",
"status": "affected",
"version": "b48c24c2d710cf34810c555dcef883a3d35a9c08",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/infiniband/hw/irdma/verbs.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "5.14"
},
{
"lessThan": "5.14",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.203",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.167",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.130",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.77",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.17",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.19.*",
"status": "unaffected",
"version": "6.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.0",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "5.14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0",
"versionStartIncluding": "5.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-18T08:57:59.964Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46"
},
{
"url": "https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609"
},
{
"url": "https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"
},
{
"url": "https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8"
},
{
"url": "https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84"
},
{
"url": "https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a"
},
{
"url": "https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c"
}
],
"title": "RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-23335",
"datePublished": "2026-03-25T10:27:25.418Z",
"dateReserved": "2026-01-13T15:37:45.997Z",
"dateUpdated": "2026-04-18T08:57:59.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-23335",
"date": "2026-04-24",
"epss": "0.00013",
"percentile": "0.02265"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-23335\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-03-25T11:16:31.050\",\"lastModified\":\"2026-04-23T21:13:06.170\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\\n\\nstruct irdma_create_ah_resp { // 8 bytes, no padding\\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\\n};\\n\\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\\n\\nThe reserved members of the structure were not zeroed.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\\n\\nRDMA/irdma: Correcci\u00f3n de fuga de pila del kernel en irdma_create_user_ah()\\n\\nstruct irdma_create_ah_resp { // 8 bytes, sin relleno\\n __u32 ah_id; // desplazamiento 0 - ESTABLECIDO (uresp.ah_id = ah-\u0026gt;sc_ah.ah_info.ah_idx)\\n __u8 rsvd[4]; // desplazamiento 4 - NUNCA ESTABLECIDO \u0026lt;- FUGA\\n};\\n\\nrsvd[4]: 4 bytes de memoria de pila filtrados incondicionalmente. Solo ah_id se asigna antes de ib_respond_udata().\\n\\nLos miembros reservados de la estructura no fueron puestos a cero.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.14.1\",\"versionEndExcluding\":\"5.15.203\",\"matchCriteriaId\":\"6B079407-83B2-4F8B-863E-9DEB27376206\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.167\",\"matchCriteriaId\":\"2EDC6BAF-B710-4E26-B6AA-D68922EE7B43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.130\",\"matchCriteriaId\":\"C57BB918-DF28-46B3-94F7-144176841267\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.77\",\"matchCriteriaId\":\"B3D12E00-E42D-4056-B354-BAD4903C03A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.18.17\",\"matchCriteriaId\":\"A5E006E4-59C7-43C1-9231-62A72219F2BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.19\",\"versionEndExcluding\":\"6.19.7\",\"matchCriteriaId\":\"69245D10-0B71-485E-80C3-A64F077004D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A05198E-F8FA-4517-8D0E-8C95066AED38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F253B622-8837-4245-BCE5-A7BF8FC76A16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F666C8D8-6538-46D4-B318-87610DE64C34\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"02259FDA-961B-47BC-AE7F-93D7EC6E90C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"58A9FEFF-C040-420D-8F0A-BFDAAA1DF258\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D2315C0-D46F-4F85-9754-F9E5E11374A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"512EE3A8-A590-4501-9A94-5D4B268D6138\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
}
}
MSRC_CVE-2026-23335
Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-03-27 01:37Summary
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
| URL | Category | |
|---|---|---|
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-23335.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()",
"tracking": {
"current_release_date": "2026-03-27T01:37:07.000Z",
"generator": {
"date": "2026-03-27T07:08:42.923Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-23335",
"initial_release_date": "2026-03-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-03-26T01:05:05.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-03-27T01:37:07.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"category": "product_name",
"name": "azl3 kernel 6.6.126.1-1",
"product": {
"name": "azl3 kernel 6.6.126.1-1",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.126.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23335",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"17084-1"
]
}
],
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_not_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-23335 RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-23335.json"
}
],
"title": "RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()"
}
]
}
SUSE-SU-2026:21114-1
Vulnerability from csaf_suse - Published: 2026-04-13 17:04 - Updated: 2026-04-13 17:04Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
(bsc#1253455).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non-security bugs were fixed:
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error (stable-fixes).
- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- PCI: hv: Correct a comment (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PM: runtime: Fix a race condition related to device removal (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
- bonding: do not set usable_slaves for broadcast mode (git-fixes).
- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages (git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
- comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
- hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths (git-fixes).
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure (git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
- usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
- wifi: mac80211: set default WMM parameters on all links (stable-fixes).
- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
Patchnames: SUSE-SLE-Micro-6.1-kernel-340
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).\n- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).\n- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).\n- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths\n (bsc#1253455).\n- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).\n- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).\n- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).\n- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).\n- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).\n- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).\n- CVE-2026-23047: libceph: make calc_target() set t-\u003epaused, not just clear it (bsc#1257682).\n- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).\n- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).\n- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).\n- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).\n- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).\n- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).\n- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).\n- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).\n- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).\n- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains (bsc#1258330).\n- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).\n- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).\n- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).\n- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).\n- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).\n- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).\n- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).\n- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).\n- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).\n- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion (bsc#1260009).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).\n- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).\n- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).\n- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).\n- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).\n- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).\n- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).\n- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).\n- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).\n- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).\n- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).\n- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).\n- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).\n- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).\n- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).\n- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).\n- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).\n- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).\n- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).\n- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).\n- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).\n\nThe following non-security bugs were fixed:\n\n- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).\n- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).\n- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).\n- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).\n- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).\n- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).\n- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).\n- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).\n- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).\n- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).\n- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).\n- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).\n- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).\n- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).\n- ASoC: Intel: catpt: Fix the device initialization (git-fixes).\n- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).\n- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).\n- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).\n- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).\n- ASoC: detect empty DMI strings (git-fixes).\n- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).\n- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).\n- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).\n- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).\n- Bluetooth: HIDP: Fix possible UAF (git-fixes).\n- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).\n- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).\n- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).\n- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).\n- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).\n- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).\n- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if received packet\u0027s SDU exceeds IMTU (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).\n- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).\n- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).\n- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).\n- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).\n- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).\n- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).\n- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).\n- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).\n- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).\n- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).\n- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).\n- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).\n- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).\n- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).\n- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).\n- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).\n- Drivers: hv: fix missing kernel-doc description for \u0027size\u0027 in request_arr_init() (git-fixes).\n- Drivers: hv: remove stale comment (git-fixes).\n- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).\n- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).\n- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).\n- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).\n- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).\n- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).\n- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).\n- HID: mcp2221: cancel last I2C command on read error (stable-fixes).\n- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).\n- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).\n- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).\n- NFC: pn533: bound the UART receive buffer (git-fixes).\n- PCI: Update BAR # and window messages (stable-fixes).\n- PCI: hv: Correct a comment (git-fixes).\n- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).\n- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).\n- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).\n- PM: runtime: Fix a race condition related to device removal (git-fixes).\n- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).\n- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).\n- RDMA/mana_ib: Add device statistics support (git-fixes).\n- RDMA/mana_ib: Add device-memory support (git-fixes).\n- RDMA/mana_ib: Add port statistics support (git-fixes).\n- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).\n- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).\n- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).\n- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).\n- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).\n- RDMA/mana_ib: Create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).\n- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).\n- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).\n- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).\n- RDMA/mana_ib: Extend modify QP (git-fixes).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: Fix error code in probe() (git-fixes).\n- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).\n- RDMA/mana_ib: Fix missing ret value (git-fixes).\n- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).\n- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).\n- RDMA/mana_ib: Implement port parameters (git-fixes).\n- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).\n- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).\n- RDMA/mana_ib: Modify QP state (git-fixes).\n- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).\n- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).\n- RDMA/mana_ib: Set correct device into ib (git-fixes).\n- RDMA/mana_ib: Take CQ type from the device type (git-fixes).\n- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).\n- RDMA/mana_ib: UD/GSI work requests (git-fixes).\n- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).\n- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).\n- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).\n- RDMA/mana_ib: add additional port counters (bsc#1251135).\n- RDMA/mana_ib: add support of multiple ports (bsc#1251135).\n- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).\n- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).\n- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).\n- RDMA/mana_ib: create kernel-level CQs (git-fixes).\n- RDMA/mana_ib: create/destroy AH (git-fixes).\n- RDMA/mana_ib: extend mana QP table (git-fixes).\n- RDMA/mana_ib: extend query device (git-fixes).\n- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).\n- RDMA/mana_ib: implement get_dma_mr (git-fixes).\n- RDMA/mana_ib: implement req_notify_cq (git-fixes).\n- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).\n- RDMA/mana_ib: indicate CM support (git-fixes).\n- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).\n- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).\n- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).\n- RDMA/mana_ib: request error CQEs when supported (git-fixes).\n- RDMA/mana_ib: set node_guid (git-fixes).\n- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).\n- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).\n- Remove \"scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans\" changes (bsc#1257506).\n- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).\n- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).\n- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).\n- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).\n- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).\n- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).\n- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).\n- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).\n- apparmor: fix race on rawdata dereference (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).\n- bonding: do not set usable_slaves for broadcast mode (git-fixes).\n- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).\n- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).\n- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).\n- can: bcm: fix locking for bcm_op runtime updates (git-fixes).\n- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).\n- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).\n- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).\n- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).\n- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).\n- can: ucan: Fix infinite loop from zero-length messages (git-fixes).\n- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).\n- comedi: Reinit dev-\u003espinlock between attachments to low-level drivers (git-fixes).\n- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).\n- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).\n- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).\n- crypto: caam - fix overflow on long hmac keys (git-fixes).\n- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).\n- dmaengine: idxd: Fix leaking event log memory (git-fixes).\n- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).\n- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).\n- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).\n- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).\n- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).\n- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).\n- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).\n- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).\n- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).\n- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).\n- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).\n- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).\n- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).\n- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).\n- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).\n- drm/i915/dp: Use crtc_state-\u003eenhanced_framing properly on ivb/hsw CPU eDP (git-fixes).\n- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).\n- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).\n- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).\n- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).\n- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).\n- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).\n- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).\n- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).\n- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).\n- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).\n- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).\n- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).\n- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).\n- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).\n- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).\n- hwmon: (it87) Check the it87_lock() return value (git-fixes).\n- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).\n- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).\n- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).\n- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).\n- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).\n- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).\n- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).\n- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).\n- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).\n- hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).\n- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).\n- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).\n- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).\n- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).\n- idpf: nullify pointers after they are freed (git-fixes).\n- iio: accel: fix ADXL355 temperature signature value (git-fixes).\n- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).\n- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).\n- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).\n- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).\n- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).\n- iio: dac: ds4424: reject -128 RAW value (git-fixes).\n- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).\n- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).\n- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).\n- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).\n- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).\n- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).\n- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).\n- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).\n- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).\n- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).\n- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).\n- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).\n- media: tegra-video: Use accessors for pad config \u0027try_*\u0027 fields (stable-fixes).\n- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).\n- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).\n- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).\n- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).\n- misc: fastrpc: possible double-free of cctx-\u003eremote_heap (git-fixes).\n- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).\n- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).\n- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).\n- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).\n- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).\n- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).\n- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).\n- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).\n- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).\n- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).\n- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).\n- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).\n- net/x25: Fix overflow when accumulating packets (git-fixes).\n- net/x25: Fix potential double free of skb (git-fixes).\n- net: mana: Add metadata support for xdp mode (git-fixes).\n- net: mana: Add standard counter rx_missed_errors (git-fixes).\n- net: mana: Add support for auxiliary device servicing events (bsc#1251971).\n- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).\n- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).\n- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).\n- net: mana: Fix use-after-free in reset service rescan path (git-fixes).\n- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).\n- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).\n- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).\n- net: mana: Handle unsupported HWC commands (git-fixes).\n- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).\n- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).\n- net: mana: Probe rdma device in mana driver (git-fixes).\n- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).\n- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).\n- net: mana: Support HW link state events (bsc#1253049).\n- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).\n- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mana: fix use-after-free in add_adev() error path (git-fixes).\n- net: mana: use ethtool string helpers (git-fixes).\n- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).\n- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).\n- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).\n- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).\n- net: usb: pegasus: validate USB endpoints (stable-fixes).\n- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).\n- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).\n- nfc: nci: free skb on nci_transceive early error paths (git-fixes).\n- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).\n- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).\n- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).\n- pinctrl: equilibrium: fix warning trace on load (git-fixes).\n- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).\n- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).\n- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).\n- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).\n- platform/x86: ISST: Correct locked bit width (git-fixes).\n- platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).\n- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).\n- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).\n- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).\n- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).\n- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).\n- regmap: Synchronize cache for the page selector (git-fixes).\n- regulator: pca9450: Correct interrupt type (git-fixes).\n- regulator: pca9450: Make IRQ optional (stable-fixes).\n- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).\n- rename Hyper-v patch files to simplify further SP6-SP7 merges\n- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).\n- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).\n- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).\n- scsi: storvsc: Remove redundant ternary operators (git-fixes).\n- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).\n- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).\n- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).\n- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).\n- serial: 8250: Fix TX deadlock when using DMA (git-fixes).\n- serial: 8250_pci: add support for the AX99100 (stable-fixes).\n- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).\n- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).\n- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).\n- spi: fix statistics allocation (git-fixes).\n- spi: fix use-after-free on controller registration failure (git-fixes).\n- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).\n- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).\n- tg3: Fix race for querying speed/duplex (bsc#1257183).\n- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).\n- tools/hv: add a .gitignore file (git-fixes).\n- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).\n- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).\n- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).\n- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).\n- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).\n- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).\n- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).\n- usb: cdns3: fix role switching during resume (git-fixes).\n- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).\n- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).\n- usb: cdns3: remove redundant if branch (stable-fixes).\n- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).\n- usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).\n- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).\n- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).\n- usb: ehci-brcm: fix sleep during atomic (git-fixes).\n- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).\n- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).\n- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).\n- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).\n- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).\n- usb: image: mdc800: kill download URB on timeout (stable-fixes).\n- usb: mdc800: handle signal and read racing (stable-fixes).\n- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).\n- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).\n- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).\n- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).\n- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).\n- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).\n- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).\n- usb: yurex: fix race in probe (stable-fixes).\n- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).\n- wifi: cw1200: Fix locking in error paths (git-fixes).\n- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).\n- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).\n- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).\n- wifi: mac80211: set default WMM parameters on all links (stable-fixes).\n- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).\n- wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).\n- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).\n- wifi: wlcore: Fix a locking bug (git-fixes).\n- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).\n- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).\n- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-340",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21114-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21114-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621114-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21114-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025429.html"
},
{
"category": "self",
"summary": "SUSE Bug 1226591",
"url": "https://bugzilla.suse.com/1226591"
},
{
"category": "self",
"summary": "SUSE Bug 1245728",
"url": "https://bugzilla.suse.com/1245728"
},
{
"category": "self",
"summary": "SUSE Bug 1249998",
"url": "https://bugzilla.suse.com/1249998"
},
{
"category": "self",
"summary": "SUSE Bug 1251135",
"url": "https://bugzilla.suse.com/1251135"
},
{
"category": "self",
"summary": "SUSE Bug 1251186",
"url": "https://bugzilla.suse.com/1251186"
},
{
"category": "self",
"summary": "SUSE Bug 1251971",
"url": "https://bugzilla.suse.com/1251971"
},
{
"category": "self",
"summary": "SUSE Bug 1252073",
"url": "https://bugzilla.suse.com/1252073"
},
{
"category": "self",
"summary": "SUSE Bug 1252266",
"url": "https://bugzilla.suse.com/1252266"
},
{
"category": "self",
"summary": "SUSE Bug 1253049",
"url": "https://bugzilla.suse.com/1253049"
},
{
"category": "self",
"summary": "SUSE Bug 1253455",
"url": "https://bugzilla.suse.com/1253455"
},
{
"category": "self",
"summary": "SUSE Bug 1254306",
"url": "https://bugzilla.suse.com/1254306"
},
{
"category": "self",
"summary": "SUSE Bug 1255084",
"url": "https://bugzilla.suse.com/1255084"
},
{
"category": "self",
"summary": "SUSE Bug 1256645",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "self",
"summary": "SUSE Bug 1256647",
"url": "https://bugzilla.suse.com/1256647"
},
{
"category": "self",
"summary": "SUSE Bug 1256690",
"url": "https://bugzilla.suse.com/1256690"
},
{
"category": "self",
"summary": "SUSE Bug 1256784",
"url": "https://bugzilla.suse.com/1256784"
},
{
"category": "self",
"summary": "SUSE Bug 1257183",
"url": "https://bugzilla.suse.com/1257183"
},
{
"category": "self",
"summary": "SUSE Bug 1257466",
"url": "https://bugzilla.suse.com/1257466"
},
{
"category": "self",
"summary": "SUSE Bug 1257472",
"url": "https://bugzilla.suse.com/1257472"
},
{
"category": "self",
"summary": "SUSE Bug 1257473",
"url": "https://bugzilla.suse.com/1257473"
},
{
"category": "self",
"summary": "SUSE Bug 1257506",
"url": "https://bugzilla.suse.com/1257506"
},
{
"category": "self",
"summary": "SUSE Bug 1257561",
"url": "https://bugzilla.suse.com/1257561"
},
{
"category": "self",
"summary": "SUSE Bug 1257682",
"url": "https://bugzilla.suse.com/1257682"
},
{
"category": "self",
"summary": "SUSE Bug 1257732",
"url": "https://bugzilla.suse.com/1257732"
},
{
"category": "self",
"summary": "SUSE Bug 1257755",
"url": "https://bugzilla.suse.com/1257755"
},
{
"category": "self",
"summary": "SUSE Bug 1257773",
"url": "https://bugzilla.suse.com/1257773"
},
{
"category": "self",
"summary": "SUSE Bug 1257777",
"url": "https://bugzilla.suse.com/1257777"
},
{
"category": "self",
"summary": "SUSE Bug 1257814",
"url": "https://bugzilla.suse.com/1257814"
},
{
"category": "self",
"summary": "SUSE Bug 1257952",
"url": "https://bugzilla.suse.com/1257952"
},
{
"category": "self",
"summary": "SUSE Bug 1258280",
"url": "https://bugzilla.suse.com/1258280"
},
{
"category": "self",
"summary": "SUSE Bug 1258286",
"url": "https://bugzilla.suse.com/1258286"
},
{
"category": "self",
"summary": "SUSE Bug 1258293",
"url": "https://bugzilla.suse.com/1258293"
},
{
"category": "self",
"summary": "SUSE Bug 1258303",
"url": "https://bugzilla.suse.com/1258303"
},
{
"category": "self",
"summary": "SUSE Bug 1258305",
"url": "https://bugzilla.suse.com/1258305"
},
{
"category": "self",
"summary": "SUSE Bug 1258330",
"url": "https://bugzilla.suse.com/1258330"
},
{
"category": "self",
"summary": "SUSE Bug 1258337",
"url": "https://bugzilla.suse.com/1258337"
},
{
"category": "self",
"summary": "SUSE Bug 1258338",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "self",
"summary": "SUSE Bug 1258340",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "self",
"summary": "SUSE Bug 1258376",
"url": "https://bugzilla.suse.com/1258376"
},
{
"category": "self",
"summary": "SUSE Bug 1258389",
"url": "https://bugzilla.suse.com/1258389"
},
{
"category": "self",
"summary": "SUSE Bug 1258414",
"url": "https://bugzilla.suse.com/1258414"
},
{
"category": "self",
"summary": "SUSE Bug 1258424",
"url": "https://bugzilla.suse.com/1258424"
},
{
"category": "self",
"summary": "SUSE Bug 1258447",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "self",
"summary": "SUSE Bug 1258524",
"url": "https://bugzilla.suse.com/1258524"
},
{
"category": "self",
"summary": "SUSE Bug 1258832",
"url": "https://bugzilla.suse.com/1258832"
},
{
"category": "self",
"summary": "SUSE Bug 1258849",
"url": "https://bugzilla.suse.com/1258849"
},
{
"category": "self",
"summary": "SUSE Bug 1259188",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "self",
"summary": "SUSE Bug 1259461",
"url": "https://bugzilla.suse.com/1259461"
},
{
"category": "self",
"summary": "SUSE Bug 1259580",
"url": "https://bugzilla.suse.com/1259580"
},
{
"category": "self",
"summary": "SUSE Bug 1259707",
"url": "https://bugzilla.suse.com/1259707"
},
{
"category": "self",
"summary": "SUSE Bug 1259795",
"url": "https://bugzilla.suse.com/1259795"
},
{
"category": "self",
"summary": "SUSE Bug 1259797",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "self",
"summary": "SUSE Bug 1259865",
"url": "https://bugzilla.suse.com/1259865"
},
{
"category": "self",
"summary": "SUSE Bug 1259870",
"url": "https://bugzilla.suse.com/1259870"
},
{
"category": "self",
"summary": "SUSE Bug 1259886",
"url": "https://bugzilla.suse.com/1259886"
},
{
"category": "self",
"summary": "SUSE Bug 1259889",
"url": "https://bugzilla.suse.com/1259889"
},
{
"category": "self",
"summary": "SUSE Bug 1259891",
"url": "https://bugzilla.suse.com/1259891"
},
{
"category": "self",
"summary": "SUSE Bug 1259997",
"url": "https://bugzilla.suse.com/1259997"
},
{
"category": "self",
"summary": "SUSE Bug 1259998",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "self",
"summary": "SUSE Bug 1260005",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "self",
"summary": "SUSE Bug 1260009",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "self",
"summary": "SUSE Bug 1260347",
"url": "https://bugzilla.suse.com/1260347"
},
{
"category": "self",
"summary": "SUSE Bug 1260464",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "self",
"summary": "SUSE Bug 1260471",
"url": "https://bugzilla.suse.com/1260471"
},
{
"category": "self",
"summary": "SUSE Bug 1260481",
"url": "https://bugzilla.suse.com/1260481"
},
{
"category": "self",
"summary": "SUSE Bug 1260486",
"url": "https://bugzilla.suse.com/1260486"
},
{
"category": "self",
"summary": "SUSE Bug 1260497",
"url": "https://bugzilla.suse.com/1260497"
},
{
"category": "self",
"summary": "SUSE Bug 1260500",
"url": "https://bugzilla.suse.com/1260500"
},
{
"category": "self",
"summary": "SUSE Bug 1260527",
"url": "https://bugzilla.suse.com/1260527"
},
{
"category": "self",
"summary": "SUSE Bug 1260544",
"url": "https://bugzilla.suse.com/1260544"
},
{
"category": "self",
"summary": "SUSE Bug 1260550",
"url": "https://bugzilla.suse.com/1260550"
},
{
"category": "self",
"summary": "SUSE Bug 1260562",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "self",
"summary": "SUSE Bug 1260580",
"url": "https://bugzilla.suse.com/1260580"
},
{
"category": "self",
"summary": "SUSE Bug 1260730",
"url": "https://bugzilla.suse.com/1260730"
},
{
"category": "self",
"summary": "SUSE Bug 1260732",
"url": "https://bugzilla.suse.com/1260732"
},
{
"category": "self",
"summary": "SUSE Bug 1260735",
"url": "https://bugzilla.suse.com/1260735"
},
{
"category": "self",
"summary": "SUSE Bug 1260799",
"url": "https://bugzilla.suse.com/1260799"
},
{
"category": "self",
"summary": "SUSE Bug 1261412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "self",
"summary": "SUSE Bug 1261496",
"url": "https://bugzilla.suse.com/1261496"
},
{
"category": "self",
"summary": "SUSE Bug 1261498",
"url": "https://bugzilla.suse.com/1261498"
},
{
"category": "self",
"summary": "SUSE Bug 1261507",
"url": "https://bugzilla.suse.com/1261507"
},
{
"category": "self",
"summary": "SUSE Bug 1261669",
"url": "https://bugzilla.suse.com/1261669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38542 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71066 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71269 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23030 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23047 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23054 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23069 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23088 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23103 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23120 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23125 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23154 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23157 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23169 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23187 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23193 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23201 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23202 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23207 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23231 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23242 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23255 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23270 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23272 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23277 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23281 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23292 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23293 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23304 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23319 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23335 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23343 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23361 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23381 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23383 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23386 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23395 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23398 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23413 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23414 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23419 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31788 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-04-13T17:04:49Z",
"generator": {
"date": "2026-04-13T17:04:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21114-1",
"initial_release_date": "2026-04-13T17:04:49Z",
"revision_history": [
{
"date": "2026-04-13T17:04:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-41.1.aarch64",
"product_id": "kernel-default-6.4.0-41.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"product_id": "kernel-default-base-6.4.0-41.1.21.18.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-41.1.aarch64",
"product": {
"name": "kernel-default-devel-6.4.0-41.1.aarch64",
"product_id": "kernel-default-devel-6.4.0-41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-41.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-41.1.noarch",
"product_id": "kernel-devel-6.4.0-41.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-41.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-41.1.noarch",
"product_id": "kernel-macros-6.4.0-41.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-41.1.noarch",
"product": {
"name": "kernel-source-6.4.0-41.1.noarch",
"product_id": "kernel-source-6.4.0-41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.ppc64le",
"product": {
"name": "kernel-default-6.4.0-41.1.ppc64le",
"product_id": "kernel-default-6.4.0-41.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"product": {
"name": "kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"product_id": "kernel-default-base-6.4.0-41.1.21.18.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-41.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.4.0-41.1.ppc64le",
"product_id": "kernel-default-devel-6.4.0-41.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.s390x",
"product": {
"name": "kernel-default-6.4.0-41.1.s390x",
"product_id": "kernel-default-6.4.0-41.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-41.1.s390x",
"product": {
"name": "kernel-default-devel-6.4.0-41.1.s390x",
"product_id": "kernel-default-devel-6.4.0-41.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-41.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-41.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-41.1.x86_64",
"product_id": "kernel-default-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"product_id": "kernel-default-base-6.4.0-41.1.21.18.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-default-devel-6.4.0-41.1.x86_64",
"product_id": "kernel-default-devel-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le"
},
"product_reference": "kernel-default-6.4.0-41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x"
},
"product_reference": "kernel-default-6.4.0-41.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-41.1.21.18.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le"
},
"product_reference": "kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-41.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64"
},
"product_reference": "kernel-default-devel-6.4.0-41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-41.1.ppc64le as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.4.0-41.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-41.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x"
},
"product_reference": "kernel-default-devel-6.4.0-41.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-default-devel-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-41.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-41.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
},
"product_reference": "kernel-source-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38542"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38542",
"url": "https://www.suse.com/security/cve/CVE-2024-38542"
},
{
"category": "external",
"summary": "SUSE Bug 1226591 for CVE-2024-38542",
"url": "https://bugzilla.suse.com/1226591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2024-38542"
},
{
"cve": "CVE-2025-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN , \u0027guid\u0027 can become\nnegative, leadings to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39817",
"url": "https://www.suse.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1249998 for CVE-2025-39817",
"url": "https://bugzilla.suse.com/1249998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-39817"
},
{
"cve": "CVE-2025-39998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39998",
"url": "https://www.suse.com/security/cve/CVE-2025-39998"
},
{
"category": "external",
"summary": "SUSE Bug 1252073 for CVE-2025-39998",
"url": "https://bugzilla.suse.com/1252073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-39998"
},
{
"cve": "CVE-2025-40201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths\n\nThe usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64()-\u003edo_prlimit()\npath is very broken.\n\nsys_prlimit64() does get_task_struct(tsk) but this only protects task_struct\nitself. If tsk != current and tsk is not a leader, this process can exit/exec\nand task_lock(tsk-\u003egroup_leader) may use the already freed task_struct.\n\nAnother problem is that sys_prlimit64() can race with mt-exec which changes\n-\u003egroup_leader. In this case do_prlimit() may take the wrong lock, or (worse)\n-\u003egroup_leader may change between task_lock() and task_unlock().\n\nChange sys_prlimit64() to take tasklist_lock when necessary. This is not\nnice, but I don\u0027t see a better fix for -stable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40201",
"url": "https://www.suse.com/security/cve/CVE-2025-40201"
},
{
"category": "external",
"summary": "SUSE Bug 1253455 for CVE-2025-40201",
"url": "https://bugzilla.suse.com/1253455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-40201"
},
{
"cve": "CVE-2025-40253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ctcm: Fix double-kfree\n\nThe function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027 is called conditionally\nfrom function \u0027ctcmpc_unpack_skb\u0027. It frees passed mpcginfo.\nAfter that a call to function \u0027kfree\u0027 in function \u0027ctcmpc_unpack_skb\u0027\nfrees it again.\n\nRemove \u0027kfree\u0027 call in function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027.\n\nBug detected by the clang static analyzer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40253",
"url": "https://www.suse.com/security/cve/CVE-2025-40253"
},
{
"category": "external",
"summary": "SUSE Bug 1255084 for CVE-2025-40253",
"url": "https://bugzilla.suse.com/1255084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-40253"
},
{
"cve": "CVE-2025-68794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68794",
"url": "https://www.suse.com/security/cve/CVE-2025-68794"
},
{
"category": "external",
"summary": "SUSE Bug 1256647 for CVE-2025-68794",
"url": "https://bugzilla.suse.com/1256647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-68794"
},
{
"cve": "CVE-2025-71066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`. It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n struct netlink_ext_ack *extack)\n{\n...\n\n // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n //to race with .dequeue handler (`ets_qdisc_dequeue`)\n sch_tree_lock(sch);\n\n for (i = nbands; i \u003c oldbands; i++) {\n if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n list_del_init(\u0026q-\u003eclasses[i].alist);\n qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n }\n\n WRITE_ONCE(q-\u003enbands, nbands);\n for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t // (2) the class is added to the q-\u003eactive\n list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n q-\u003eclasses[i].deficit = quanta[i];\n }\n }\n WRITE_ONCE(q-\u003enstrict, nstrict);\n memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n for (i = 0; i \u003c q-\u003enbands; i++)\n WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n for (i = oldbands; i \u003c q-\u003enbands; i++) {\n q-\u003eclasses[i].qdisc = queues[i];\n if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\n }\n\n // (3) the qdisc is unlocked, now dequeue can be called in parallel\n // to the rest of .change handler\n sch_tree_unlock(sch);\n\n ets_offload_change(sch);\n for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t // (4) we\u0027re reducing the refcount for our class\u0027s qdisc and\n\t // freeing it\n qdisc_put(q-\u003eclasses[i].qdisc);\n\t // (5) If we call .dequeue between (4) and (5), we will have\n\t // a strong UAF and we can control RIP\n q-\u003eclasses[i].qdisc = NULL;\n WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n q-\u003eclasses[i].deficit = 0;\n gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n }\n return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\" # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev \"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc del dev \"$DEV\" parent \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71066",
"url": "https://www.suse.com/security/cve/CVE-2025-71066"
},
{
"category": "external",
"summary": "SUSE Bug 1256645 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "external",
"summary": "SUSE Bug 1258005 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1258005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2025-71066"
},
{
"cve": "CVE-2025-71125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not register unsupported perf events\n\nSynthetic events currently do not have a function to register perf events.\nThis leads to calling the tracepoint register functions with a NULL\nfunction pointer which triggers:\n\n ------------[ cut here ]------------\n WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:tracepoint_add_func+0x357/0x370\n Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc \u003c0f\u003e 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f\n RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246\n RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000\n RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8\n RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780\n R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a\n R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78\n FS: 00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n tracepoint_probe_register+0x5d/0x90\n synth_event_reg+0x3c/0x60\n perf_trace_event_init+0x204/0x340\n perf_trace_init+0x85/0xd0\n perf_tp_event_init+0x2e/0x50\n perf_try_init_event+0x6f/0x230\n ? perf_event_alloc+0x4bb/0xdc0\n perf_event_alloc+0x65a/0xdc0\n __se_sys_perf_event_open+0x290/0x9f0\n do_syscall_64+0x93/0x7b0\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? trace_hardirqs_off+0x53/0xc0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInstead, have the code return -ENODEV, which doesn\u0027t warn and has perf\nerror out with:\n\n # perf record -e synthetic:futex_wait\nError:\nThe sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait).\n\"dmesg | grep -i perf\" may provide additional information.\n\nIdeally perf should support synthetic events, but for now just fix the\nwarning. The support can come later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71125",
"url": "https://www.suse.com/security/cve/CVE-2025-71125"
},
{
"category": "external",
"summary": "SUSE Bug 1256784 for CVE-2025-71125",
"url": "https://bugzilla.suse.com/1256784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "low"
}
],
"title": "CVE-2025-71125"
},
{
"cve": "CVE-2025-71231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable \u0027i\u0027 is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71231",
"url": "https://www.suse.com/security/cve/CVE-2025-71231"
},
{
"category": "external",
"summary": "SUSE Bug 1258424 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258424"
},
{
"category": "external",
"summary": "SUSE Bug 1258425 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2025-71231"
},
{
"cve": "CVE-2025-71268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71268",
"url": "https://www.suse.com/security/cve/CVE-2025-71268"
},
{
"category": "external",
"summary": "SUSE Bug 1259865 for CVE-2025-71268",
"url": "https://bugzilla.suse.com/1259865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-71268"
},
{
"cve": "CVE-2025-71269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is \u003c= 0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71269",
"url": "https://www.suse.com/security/cve/CVE-2025-71269"
},
{
"category": "external",
"summary": "SUSE Bug 1259889 for CVE-2025-71269",
"url": "https://bugzilla.suse.com/1259889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2025-71269"
},
{
"cve": "CVE-2026-23030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\n\nThe for_each_available_child_of_node() calls of_node_put() to\nrelease child_np in each success loop. After breaking from the\nloop with the child_np has been released, the code will jump to\nthe put_child label and will call the of_node_put() again if the\ndevm_request_threaded_irq() fails. These cause a double free bug.\n\nFix by returning directly to avoid the duplicate of_node_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23030",
"url": "https://www.suse.com/security/cve/CVE-2026-23030"
},
{
"category": "external",
"summary": "SUSE Bug 1257561 for CVE-2026-23030",
"url": "https://bugzilla.suse.com/1257561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23030"
},
{
"cve": "CVE-2026-23047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make calc_target() set t-\u003epaused, not just clear it\n\nCurrently calc_target() clears t-\u003epaused if the request shouldn\u0027t be\npaused anymore, but doesn\u0027t ever set t-\u003epaused even though it\u0027s able to\ndetermine when the request should be paused. Setting t-\u003epaused is left\nto __submit_request() which is fine for regular requests but doesn\u0027t\nwork for linger requests -- since __submit_request() doesn\u0027t operate\non linger requests, there is nowhere for lreq-\u003et.paused to be set.\nOne consequence of this is that watches don\u0027t get reestablished on\npaused -\u003e unpaused transitions in cases where requests have been paused\nlong enough for the (paused) unwatch request to time out and for the\nsubsequent (re)watch request to enter the paused state. On top of the\nwatch not getting reestablished, rbd_reregister_watch() gets stuck with\nrbd_dev-\u003ewatch_mutex held:\n\n rbd_register_watch\n __rbd_register_watch\n ceph_osdc_watch\n linger_reg_commit_wait\n\nIt\u0027s waiting for lreq-\u003ereg_commit_wait to be completed, but for that to\nhappen the respective request needs to end up on need_resend_linger list\nand be kicked when requests are unpaused. There is no chance for that\nif the request in question is never marked paused in the first place.\n\nThe fact that rbd_dev-\u003ewatch_mutex remains taken out forever then\nprevents the image from getting unmapped -- \"rbd unmap\" would inevitably\nhang in D state on an attempt to grab the mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23047",
"url": "https://www.suse.com/security/cve/CVE-2026-23047"
},
{
"category": "external",
"summary": "SUSE Bug 1257682 for CVE-2026-23047",
"url": "https://bugzilla.suse.com/1257682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23047"
},
{
"cve": "CVE-2026-23054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23054",
"url": "https://www.suse.com/security/cve/CVE-2026-23054"
},
{
"category": "external",
"summary": "SUSE Bug 1257732 for CVE-2026-23054",
"url": "https://bugzilla.suse.com/1257732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23054"
},
{
"cve": "CVE-2026-23069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential underflow in virtio_transport_get_credit()\n\nThe credit calculation in virtio_transport_get_credit() uses unsigned\narithmetic:\n\n ret = vvs-\u003epeer_buf_alloc - (vvs-\u003etx_cnt - vvs-\u003epeer_fwd_cnt);\n\nIf the peer shrinks its advertised buffer (peer_buf_alloc) while bytes\nare in flight, the subtraction can underflow and produce a large\npositive value, potentially allowing more data to be queued than the\npeer can handle.\n\nReuse virtio_transport_has_space() which already handles this case and\nadd a comment to make it clear why we are doing that.\n\n[Stefano: use virtio_transport_has_space() instead of duplicating the code]\n[Stefano: tweak the commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23069",
"url": "https://www.suse.com/security/cve/CVE-2026-23069"
},
{
"category": "external",
"summary": "SUSE Bug 1257755 for CVE-2026-23069",
"url": "https://bugzilla.suse.com/1257755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23069"
},
{
"cve": "CVE-2026-23088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix crash on synthetic stacktrace field usage\n\nWhen creating a synthetic event based on an existing synthetic event that\nhad a stacktrace field and the new synthetic event used that field a\nkernel crash occurred:\n\n ~# cd /sys/kernel/tracing\n ~# echo \u0027s:stack unsigned long stack[];\u0027 \u003e dynamic_events\n ~# echo \u0027hist:keys=prev_pid:s0=common_stacktrace if prev_state \u0026 3\u0027 \u003e\u003e events/sched/sched_switch/trigger\n ~# echo \u0027hist:keys=next_pid:s1=$s0:onmatch(sched.sched_switch).trace(stack,$s1)\u0027 \u003e\u003e events/sched/sched_switch/trigger\n\nThe above creates a synthetic event that takes a stacktrace when a task\nschedules out in a non-running state and passes that stacktrace to the\nsched_switch event when that task schedules back in. It triggers the\n\"stack\" synthetic event that has a stacktrace as its field (called \"stack\").\n\n ~# echo \u0027s:syscall_stack s64 id; unsigned long stack[];\u0027 \u003e\u003e dynamic_events\n ~# echo \u0027hist:keys=common_pid:s2=stack\u0027 \u003e\u003e events/synthetic/stack/trigger\n ~# echo \u0027hist:keys=common_pid:s3=$s2,i0=id:onmatch(synthetic.stack).trace(syscall_stack,$i0,$s3)\u0027 \u003e\u003e events/raw_syscalls/sys_exit/trigger\n\nThe above makes another synthetic event called \"syscall_stack\" that\nattaches the first synthetic event (stack) to the sys_exit trace event and\nrecords the stacktrace from the stack event with the id of the system call\nthat is exiting.\n\nWhen enabling this event (or using it in a historgram):\n\n ~# echo 1 \u003e events/synthetic/syscall_stack/enable\n\nProduces a kernel crash!\n\n BUG: unable to handle page fault for address: 0000000000400010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n CPU: 6 UID: 0 PID: 1257 Comm: bash Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy) Debian 6.16.3-1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:trace_event_raw_event_synth+0x90/0x380\n Code: c5 00 00 00 00 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 \u003c49\u003e 8b 04 24 48 83 c3 01 8d 0c c5 08 00 00 00 01 cd 41 3b 5d 40 0f\n RSP: 0018:ffffd2670388f958 EFLAGS: 00010202\n RAX: ffff8ba1065cc100 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: fffff266ffda7b90 RDI: ffffd2670388f9b0\n RBP: 0000000000000010 R08: ffff8ba104e76000 R09: ffffd2670388fa50\n R10: ffff8ba102dd42e0 R11: ffffffff9a908970 R12: 0000000000400010\n R13: ffff8ba10a246400 R14: ffff8ba10a710220 R15: fffff266ffda7b90\n FS: 00007fa3bc63f740(0000) GS:ffff8ba2e0f48000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000400010 CR3: 0000000107f9e003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __tracing_map_insert+0x208/0x3a0\n action_trace+0x67/0x70\n event_hist_trigger+0x633/0x6d0\n event_triggers_call+0x82/0x130\n trace_event_buffer_commit+0x19d/0x250\n trace_event_raw_event_sys_exit+0x62/0xb0\n syscall_exit_work+0x9d/0x140\n do_syscall_64+0x20a/0x2f0\n ? trace_event_raw_event_sched_switch+0x12b/0x170\n ? save_fpregs_to_fpstate+0x3e/0x90\n ? _raw_spin_unlock+0xe/0x30\n ? finish_task_switch.isra.0+0x97/0x2c0\n ? __rseq_handle_notify_resume+0xad/0x4c0\n ? __schedule+0x4b8/0xd00\n ? restore_fpregs_from_fpstate+0x3c/0x90\n ? switch_fpu_return+0x5b/0xe0\n ? do_syscall_64+0x1ef/0x2f0\n ? do_fault+0x2e9/0x540\n ? __handle_mm_fault+0x7d1/0xf70\n ? count_memcg_events+0x167/0x1d0\n ? handle_mm_fault+0x1d7/0x2e0\n ? do_user_addr_fault+0x2c3/0x7f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reason is that the stacktrace field is not labeled as such, and is\ntreated as a normal field and not as a dynamic event that it is.\n\nIn trace_event_raw_event_synth() the event is field is still treated as a\ndynamic array, but the retrieval of the data is considered a normal field,\nand the reference is just the meta data:\n\n// Meta data is retrieved instead of a dynamic array\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23088",
"url": "https://www.suse.com/security/cve/CVE-2026-23088"
},
{
"category": "external",
"summary": "SUSE Bug 1257814 for CVE-2026-23088",
"url": "https://bugzilla.suse.com/1257814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23088"
},
{
"cve": "CVE-2026-23103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Make the addrs_lock be per port\n\nMake the addrs_lock be per port, not per ipvlan dev.\n\nInitial code seems to be written in the assumption,\nthat any address change must occur under RTNL.\nBut it is not so for the case of IPv6. So\n\n1) Introduce per-port addrs_lock.\n\n2) It was needed to fix places where it was forgotten\nto take lock (ipvlan_open/ipvlan_close)\n\nThis appears to be a very minor problem though.\nSince it\u0027s highly unlikely that ipvlan_add_addr() will\nbe called on 2 CPU simultaneously. But nevertheless,\nthis could cause:\n\n1) False-negative of ipvlan_addr_busy(): one interface\niterated through all port-\u003eipvlans + ipvlan-\u003eaddrs\nunder some ipvlan spinlock, and another added IP\nunder its own lock. Though this is only possible\nfor IPv6, since looks like only ipvlan_addr6_event() can be\ncalled without rtnl_lock.\n\n2) Race since ipvlan_ht_addr_add(port) is called under\ndifferent ipvlan-\u003eaddrs_lock locks\n\nThis should not affect performance, since add/remove IP\nis a rare situation and spinlock is not taken on fast\npaths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23103",
"url": "https://www.suse.com/security/cve/CVE-2026-23103"
},
{
"category": "external",
"summary": "SUSE Bug 1257773 for CVE-2026-23103",
"url": "https://bugzilla.suse.com/1257773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23103"
},
{
"cve": "CVE-2026-23120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk-\u003esk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n sk_set_socket include/net/sock.h:2092 [inline]\n sock_orphan include/net/sock.h:2118 [inline]\n sk_common_release+0xae/0x230 net/core/sock.c:4003\n udp_lib_close+0x15/0x20 include/net/udp.h:325\n inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:662 [inline]\n sock_close+0x6b/0x150 net/socket.c:1455\n __fput+0x29b/0x650 fs/file_table.c:468\n ____fput+0x1c/0x30 fs/file_table.c:496\n task_work_run+0x131/0x1a0 kernel/task_work.c:233\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n worker_thread+0x582/0x770 kernel/workqueue.c:3421\n kthread+0x489/0x510 kernel/kthread.c:463\n ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -\u003e 0x0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23120",
"url": "https://www.suse.com/security/cve/CVE-2026-23120"
},
{
"category": "external",
"summary": "SUSE Bug 1258280 for CVE-2026-23120",
"url": "https://bugzilla.suse.com/1258280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23120"
},
{
"cve": "CVE-2026-23125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT\n\nA null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key\ninitialization fails:\n\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2\n RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline]\n RIP: 0010:sctp_packet_append_chunk+0xb36/0x1260 net/sctp/output.c:401\n Call Trace:\n\n sctp_packet_transmit_chunk+0x31/0x250 net/sctp/output.c:189\n sctp_outq_flush_data+0xa29/0x26d0 net/sctp/outqueue.c:1111\n sctp_outq_flush+0xc80/0x1240 net/sctp/outqueue.c:1217\n sctp_cmd_interpreter.isra.0+0x19a5/0x62c0 net/sctp/sm_sideeffect.c:1787\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x1a3/0x670 net/sctp/sm_sideeffect.c:1169\n sctp_assoc_bh_rcv+0x33e/0x640 net/sctp/associola.c:1052\n sctp_inq_push+0x1dd/0x280 net/sctp/inqueue.c:88\n sctp_rcv+0x11ae/0x3100 net/sctp/input.c:243\n sctp6_rcv+0x3d/0x60 net/sctp/ipv6.c:1127\n\nThe issue is triggered when sctp_auth_asoc_init_active_key() fails in\nsctp_sf_do_5_1C_ack() while processing an INIT_ACK. In this case, the\ncommand sequence is currently:\n\n- SCTP_CMD_PEER_INIT\n- SCTP_CMD_TIMER_STOP (T1_INIT)\n- SCTP_CMD_TIMER_START (T1_COOKIE)\n- SCTP_CMD_NEW_STATE (COOKIE_ECHOED)\n- SCTP_CMD_ASSOC_SHKEY\n- SCTP_CMD_GEN_COOKIE_ECHO\n\nIf SCTP_CMD_ASSOC_SHKEY fails, asoc-\u003eshkey remains NULL, while\nasoc-\u003epeer.auth_capable and asoc-\u003epeer.peer_chunks have already been set by\nSCTP_CMD_PEER_INIT. This allows a DATA chunk with auth = 1 and shkey = NULL\nto be queued by sctp_datamsg_from_user().\n\nSince command interpretation stops on failure, no COOKIE_ECHO should been\nsent via SCTP_CMD_GEN_COOKIE_ECHO. However, the T1_COOKIE timer has already\nbeen started, and it may enqueue a COOKIE_ECHO into the outqueue later. As\na result, the DATA chunk can be transmitted together with the COOKIE_ECHO\nin sctp_outq_flush_data(), leading to the observed issue.\n\nSimilar to the other places where it calls sctp_auth_asoc_init_active_key()\nright after sctp_process_init(), this patch moves the SCTP_CMD_ASSOC_SHKEY\nimmediately after SCTP_CMD_PEER_INIT, before stopping T1_INIT and starting\nT1_COOKIE. This ensures that if shared key generation fails, authenticated\nDATA cannot be sent. It also allows the T1_INIT timer to retransmit INIT,\ngiving the client another chance to process INIT_ACK and retry key setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23125",
"url": "https://www.suse.com/security/cve/CVE-2026-23125"
},
{
"category": "external",
"summary": "SUSE Bug 1258293 for CVE-2026-23125",
"url": "https://bugzilla.suse.com/1258293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23125"
},
{
"cve": "CVE-2026-23136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: reset sparse-read state in osd_fault()\n\nWhen a fault occurs, the connection is abandoned, reestablished, and any\npending operations are retried. The OSD client tracks the progress of a\nsparse-read reply using a separate state machine, largely independent of\nthe messenger\u0027s state.\n\nIf a connection is lost mid-payload or the sparse-read state machine\nreturns an error, the sparse-read state is not reset. The OSD client\nwill then interpret the beginning of a new reply as the continuation of\nthe old one. If this makes the sparse-read machinery enter a failure\nstate, it may never recover, producing loops like:\n\n libceph: [0] got 0 extents\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n\nTherefore, reset the sparse-read state in osd_fault(), ensuring retries\nstart from a clean state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23136",
"url": "https://www.suse.com/security/cve/CVE-2026-23136"
},
{
"category": "external",
"summary": "SUSE Bug 1258303 for CVE-2026-23136",
"url": "https://bugzilla.suse.com/1258303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23136"
},
{
"cve": "CVE-2026-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Subtract size of xdp_frame from allowed metadata size\n\nThe xdp_frame structure takes up part of the XDP frame headroom,\nlimiting the size of the metadata. However, in bpf_test_run, we don\u0027t\ntake this into account, which makes it possible for userspace to supply\na metadata size that is too large (taking up the entire headroom).\n\nIf userspace supplies such a large metadata size in live packet mode,\nthe xdp_update_frame_from_buff() call in xdp_test_run_init_page() call\nwill fail, after which packet transmission proceeds with an\nuninitialised frame structure, leading to the usual Bad Stuff.\n\nThe commit in the Fixes tag fixed a related bug where the second check\nin xdp_update_frame_from_buff() could fail, but did not add any\nadditional constraints on the metadata size. Complete the fix by adding\nan additional check on the metadata size. Reorder the checks slightly to\nmake the logic clearer and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23140",
"url": "https://www.suse.com/security/cve/CVE-2026-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1258305 for CVE-2026-23140",
"url": "https://bugzilla.suse.com/1258305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23140"
},
{
"cve": "CVE-2026-23154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix segmentation of forwarding fraglist GRO\n\nThis patch enhances GSO segment handling by properly checking\nthe SKB_GSO_DODGY flag for frag_list GSO packets, addressing\nlow throughput issues observed when a station accesses IPv4\nservers via hotspots with an IPv6-only upstream interface.\n\nSpecifically, it fixes a bug in GSO segmentation when forwarding\nGRO packets containing a frag_list. The function skb_segment_list\ncannot correctly process GRO skbs that have been converted by XLAT,\nsince XLAT only translates the header of the head skb. Consequently,\nskbs in the frag_list may remain untranslated, resulting in protocol\ninconsistencies and reduced throughput.\n\nTo address this, the patch explicitly sets the SKB_GSO_DODGY flag\nfor GSO packets in XLAT\u0027s IPv4/IPv6 protocol translation helpers\n(bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO\npackets as potentially modified after protocol translation. As a\nresult, GSO segmentation will avoid using skb_segment_list and\ninstead falls back to skb_segment for packets with the SKB_GSO_DODGY\nflag. This ensures that only safe and fully translated frag_list\npackets are processed by skb_segment_list, resolving protocol\ninconsistencies and improving throughput when forwarding GRO packets\nconverted by XLAT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23154",
"url": "https://www.suse.com/security/cve/CVE-2026-23154"
},
{
"category": "external",
"summary": "SUSE Bug 1258286 for CVE-2026-23154",
"url": "https://bugzilla.suse.com/1258286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23154"
},
{
"cve": "CVE-2026-23157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not strictly require dirty metadata threshold for metadata writepages\n\n[BUG]\nThere is an internal report that over 1000 processes are\nwaiting at the io_schedule_timeout() of balance_dirty_pages(), causing\na system hang and trigger a kernel coredump.\n\nThe kernel is v6.4 kernel based, but the root problem still applies to\nany upstream kernel before v6.18.\n\n[CAUSE]\nFrom Jan Kara for his wisdom on the dirty page balance behavior first.\n\n This cgroup dirty limit was what was actually playing the role here\n because the cgroup had only a small amount of memory and so the dirty\n limit for it was something like 16MB.\n\n Dirty throttling is responsible for enforcing that nobody can dirty\n (significantly) more dirty memory than there\u0027s dirty limit. Thus when\n a task is dirtying pages it periodically enters into balance_dirty_pages()\n and we let it sleep there to slow down the dirtying.\n\n When the system is over dirty limit already (either globally or within\n a cgroup of the running task), we will not let the task exit from\n balance_dirty_pages() until the number of dirty pages drops below the\n limit.\n\n So in this particular case, as I already mentioned, there was a cgroup\n with relatively small amount of memory and as a result with dirty limit\n set at 16MB. A task from that cgroup has dirtied about 28MB worth of\n pages in btrfs btree inode and these were practically the only dirty\n pages in that cgroup.\n\nSo that means the only way to reduce the dirty pages of that cgroup is\nto writeback the dirty pages of btrfs btree inode, and only after that\nthose processes can exit balance_dirty_pages().\n\nNow back to the btrfs part, btree_writepages() is responsible for\nwriting back dirty btree inode pages.\n\nThe problem here is, there is a btrfs internal threshold that if the\nbtree inode\u0027s dirty bytes are below the 32M threshold, it will not\ndo any writeback.\n\nThis behavior is to batch as much metadata as possible so we won\u0027t write\nback those tree blocks and then later re-COW them again for another\nmodification.\n\nThis internal 32MiB is higher than the existing dirty page size (28MiB),\nmeaning no writeback will happen, causing a deadlock between btrfs and\ncgroup:\n\n- Btrfs doesn\u0027t want to write back btree inode until more dirty pages\n\n- Cgroup/MM doesn\u0027t want more dirty pages for btrfs btree inode\n Thus any process touching that btree inode is put into sleep until\n the number of dirty pages is reduced.\n\nThanks Jan Kara a lot for the analysis of the root cause.\n\n[ENHANCEMENT]\nSince kernel commit b55102826d7d (\"btrfs: set AS_KERNEL_FILE on the\nbtree_inode\"), btrfs btree inode pages will only be charged to the root\ncgroup which should have a much larger limit than btrfs\u0027 32MiB\nthreshold.\nSo it should not affect newer kernels.\n\nBut for all current LTS kernels, they are all affected by this problem,\nand backporting the whole AS_KERNEL_FILE may not be a good idea.\n\nEven for newer kernels I still think it\u0027s a good idea to get\nrid of the internal threshold at btree_writepages(), since for most cases\ncgroup/MM has a better view of full system memory usage than btrfs\u0027 fixed\nthreshold.\n\nFor internal callers using btrfs_btree_balance_dirty() since that\nfunction is already doing internal threshold check, we don\u0027t need to\nbother them.\n\nBut for external callers of btree_writepages(), just respect their\nrequests and write back whatever they want, ignoring the internal\nbtrfs threshold to avoid such deadlock on btree inode dirty page\nbalancing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23157",
"url": "https://www.suse.com/security/cve/CVE-2026-23157"
},
{
"category": "external",
"summary": "SUSE Bug 1258376 for CVE-2026-23157",
"url": "https://bugzilla.suse.com/1258376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23157"
},
{
"cve": "CVE-2026-23169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet-\u003elock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23169",
"url": "https://www.suse.com/security/cve/CVE-2026-23169"
},
{
"category": "external",
"summary": "SUSE Bug 1258389 for CVE-2026-23169",
"url": "https://bugzilla.suse.com/1258389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23169"
},
{
"cve": "CVE-2026-23187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23187",
"url": "https://www.suse.com/security/cve/CVE-2026-23187"
},
{
"category": "external",
"summary": "SUSE Bug 1258330 for CVE-2026-23187",
"url": "https://bugzilla.suse.com/1258330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23187"
},
{
"cve": "CVE-2026-23193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23193",
"url": "https://www.suse.com/security/cve/CVE-2026-23193"
},
{
"category": "external",
"summary": "SUSE Bug 1258414 for CVE-2026-23193",
"url": "https://bugzilla.suse.com/1258414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23193"
},
{
"cve": "CVE-2026-23201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix oops due to invalid pointer for kfree() in parse_longname()\n\nThis fixes a kernel oops when reading ceph snapshot directories (.snap),\nfor example by simply running `ls /mnt/my_ceph/.snap`.\n\nThe variable str is guarded by __free(kfree), but advanced by one for\nskipping the initial \u0027_\u0027 in snapshot names. Thus, kfree() is called\nwith an invalid pointer. This patch removes the need for advancing the\npointer so kfree() is called with correct memory pointer.\n\nSteps to reproduce:\n\n1. Create snapshots on a cephfs volume (I\u0027ve 63 snaps in my testcase)\n\n2. Add cephfs mount to fstab\n$ echo \"samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0\" \u003e\u003e /etc/fstab\n\n3. Reboot the system\n$ systemctl reboot\n\n4. Check if it\u0027s really mounted\n$ mount | grep stuff\n\n5. List snapshots (expected 63 snapshots on my system)\n$ ls /mnt/test/stuff/.snap\n\nNow ls hangs forever and the kernel log shows the oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23201",
"url": "https://www.suse.com/security/cve/CVE-2026-23201"
},
{
"category": "external",
"summary": "SUSE Bug 1258337 for CVE-2026-23201",
"url": "https://bugzilla.suse.com/1258337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23201"
},
{
"cve": "CVE-2026-23202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23202",
"url": "https://www.suse.com/security/cve/CVE-2026-23202"
},
{
"category": "external",
"summary": "SUSE Bug 1258338 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "external",
"summary": "SUSE Bug 1261033 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1261033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23202"
},
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer check in IRQ handler\n\nNow that all other accesses to curr_xfer are done under the lock,\nprotect the curr_xfer NULL check in tegra_qspi_isr_thread() with the\nspinlock. Without this protection, the following race can occur:\n\n CPU0 (ISR thread) CPU1 (timeout path)\n ---------------- -------------------\n if (!tqspi-\u003ecurr_xfer)\n // sees non-NULL\n spin_lock()\n tqspi-\u003ecurr_xfer = NULL\n spin_unlock()\n handle_*_xfer()\n spin_lock()\n t = tqspi-\u003ecurr_xfer // NULL!\n ... t-\u003elen ... // NULL dereference!\n\nWith this patch, all curr_xfer accesses are now properly synchronized.\n\nAlthough all accesses to curr_xfer are done under the lock, in\ntegra_qspi_isr_thread() it checks for NULL, releases the lock and\nreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().\nThere is a potential for an update in between, which could cause a NULL\npointer dereference.\n\nTo handle this, add a NULL check inside the handlers after acquiring\nthe lock. This ensures that if the timeout path has already cleared\ncurr_xfer, the handler will safely return without dereferencing the\nNULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23207",
"url": "https://www.suse.com/security/cve/CVE-2026-23207"
},
{
"category": "external",
"summary": "SUSE Bug 1258524 for CVE-2026-23207",
"url": "https://bugzilla.suse.com/1258524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23207"
},
{
"cve": "CVE-2026-23216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23216",
"url": "https://www.suse.com/security/cve/CVE-2026-23216"
},
{
"category": "external",
"summary": "SUSE Bug 1258447 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "external",
"summary": "SUSE Bug 1258448 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23216"
},
{
"cve": "CVE-2026-23231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23231",
"url": "https://www.suse.com/security/cve/CVE-2026-23231"
},
{
"category": "external",
"summary": "SUSE Bug 1259188 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "external",
"summary": "SUSE Bug 1259189 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23242",
"url": "https://www.suse.com/security/cve/CVE-2026-23242"
},
{
"category": "external",
"summary": "SUSE Bug 1259795 for CVE-2026-23242",
"url": "https://bugzilla.suse.com/1259795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23242"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23255",
"url": "https://www.suse.com/security/cve/CVE-2026-23255"
},
{
"category": "external",
"summary": "SUSE Bug 1259891 for CVE-2026-23255",
"url": "https://bugzilla.suse.com/1259891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23255"
},
{
"cve": "CVE-2026-23262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC\u0027s stats.\n\nWhen the number of queues is changed, the driver\u0027s stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23262",
"url": "https://www.suse.com/security/cve/CVE-2026-23262"
},
{
"category": "external",
"summary": "SUSE Bug 1259870 for CVE-2026-23262",
"url": "https://bugzilla.suse.com/1259870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23262"
},
{
"cve": "CVE-2026-23270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it\u0027s still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23270",
"url": "https://www.suse.com/security/cve/CVE-2026-23270"
},
{
"category": "external",
"summary": "SUSE Bug 1259886 for CVE-2026-23270",
"url": "https://bugzilla.suse.com/1259886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23270"
},
{
"cve": "CVE-2026-23272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23272",
"url": "https://www.suse.com/security/cve/CVE-2026-23272"
},
{
"category": "external",
"summary": "SUSE Bug 1260009 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "external",
"summary": "SUSE Bug 1260909 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23272"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n \u003cTASK\u003e\n ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n __gre_xmit (net/ipv4/ip_gre.c:478)\n gre_tap_xmit (net/ipv4/ip_gre.c:779)\n teql_master_xmit (net/sched/sch_teql.c:319)\n dev_hard_start_xmit (net/core/dev.c:3887)\n sch_direct_xmit (net/sched/sch_generic.c:347)\n __dev_queue_xmit (net/core/dev.c:4802)\n neigh_direct_output (net/core/neighbour.c:1660)\n ip_finish_output2 (net/ipv4/ip_output.c:237)\n __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n ip_mc_output (net/ipv4/ip_output.c:369)\n ip_send_skb (net/ipv4/ip_output.c:1508)\n udp_send_skb (net/ipv4/udp.c:1195)\n udp_sendmsg (net/ipv4/udp.c:1485)\n inet_sendmsg (net/ipv4/af_inet.c:859)\n __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23277",
"url": "https://www.suse.com/security/cve/CVE-2026-23277"
},
{
"category": "external",
"summary": "SUSE Bug 1259997 for CVE-2026-23277",
"url": "https://bugzilla.suse.com/1259997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23277"
},
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-23281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23281",
"url": "https://www.suse.com/security/cve/CVE-2026-23281"
},
{
"category": "external",
"summary": "SUSE Bug 1260464 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "external",
"summary": "SUSE Bug 1260466 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23281"
},
{
"cve": "CVE-2026-23292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store(). This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n down_read\n __configfs_open_file\n do_dentry_open\n vfs_open\n do_open\n path_openat\n do_filp_open\n file_open_name\n filp_open\n target_core_item_dbroot_store\n flush_write_buffer\n configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23292",
"url": "https://www.suse.com/security/cve/CVE-2026-23292"
},
{
"category": "external",
"summary": "SUSE Bug 1260500 for CVE-2026-23292",
"url": "https://bugzilla.suse.com/1260500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23292"
},
{
"cve": "CVE-2026-23293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n \u003cTASK\u003e\n vxlan_xmit+0x638/0x1ef0 [vxlan]\n dev_hard_start_xmit+0x9e/0x2e0\n __dev_queue_xmit+0xbee/0x14e0\n packet_sendmsg+0x116f/0x1930\n __sys_sendto+0x1f5/0x200\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x12f/0x1590\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23293",
"url": "https://www.suse.com/security/cve/CVE-2026-23293"
},
{
"category": "external",
"summary": "SUSE Bug 1260486 for CVE-2026-23293",
"url": "https://bugzilla.suse.com/1260486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23293"
},
{
"cve": "CVE-2026-23304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n Call Trace:\n ip6_pol_route (net/ipv6/route.c:2318)\n fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n ip6_route_output_flags (net/ipv6/route.c:2607)\n vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23304",
"url": "https://www.suse.com/security/cve/CVE-2026-23304"
},
{
"category": "external",
"summary": "SUSE Bug 1260544 for CVE-2026-23304",
"url": "https://bugzilla.suse.com/1260544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23304"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-23319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim\n\nThe root cause of this bug is that when \u0027bpf_link_put\u0027 reduces the\nrefcount of \u0027shim_link-\u003elink.link\u0027 to zero, the resource is considered\nreleased but may still be referenced via \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027cgroup_shim_find\u0027. The actual cleanup of \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027bpf_shim_tramp_link_release\u0027 is deferred. During this window, another\nprocess can cause a use-after-free via \u0027bpf_trampoline_link_cgroup_shim\u0027.\n\nBased on Martin KaFai Lau\u0027s suggestions, I have created a simple patch.\n\nTo fix this:\n Add an atomic non-zero check in \u0027bpf_trampoline_link_cgroup_shim\u0027.\n Only increment the refcount if it is not already zero.\n\nTesting:\n I verified the fix by adding a delay in\n \u0027bpf_shim_tramp_link_release\u0027 to make the bug easier to trigger:\n\nstatic void bpf_shim_tramp_link_release(struct bpf_link *link)\n{\n\t/* ... */\n\tif (!shim_link-\u003etrampoline)\n\t\treturn;\n\n+\tmsleep(100);\n\tWARN_ON_ONCE(bpf_trampoline_unlink_prog(\u0026shim_link-\u003elink,\n\t\tshim_link-\u003etrampoline, NULL));\n\tbpf_trampoline_put(shim_link-\u003etrampoline);\n}\n\nBefore the patch, running a PoC easily reproduced the crash(almost 100%)\nwith a call trace similar to KaiyanM\u0027s report.\nAfter the patch, the bug no longer occurs even after millions of\niterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23319",
"url": "https://www.suse.com/security/cve/CVE-2026-23319"
},
{
"category": "external",
"summary": "SUSE Bug 1260735 for CVE-2026-23319",
"url": "https://bugzilla.suse.com/1260735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23319"
},
{
"cve": "CVE-2026-23335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23335",
"url": "https://www.suse.com/security/cve/CVE-2026-23335"
},
{
"category": "external",
"summary": "SUSE Bug 1260550 for CVE-2026-23335",
"url": "https://bugzilla.suse.com/1260550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "low"
}
],
"title": "CVE-2026-23335"
},
{
"cve": "CVE-2026-23343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: produce a warning when calculated tailroom is negative\n\nMany ethernet drivers report xdp Rx queue frag size as being the same as\nDMA write size. However, the only user of this field, namely\nbpf_xdp_frags_increase_tail(), clearly expects a truesize.\n\nSuch difference leads to unspecific memory corruption issues under certain\ncircumstances, e.g. in ixgbevf maximum DMA write size is 3 KB, so when\nrunning xskxceiver\u0027s XDP_ADJUST_TAIL_GROW_MULTI_BUFF, 6K packet fully uses\nall DMA-writable space in 2 buffers. This would be fine, if only\nrxq-\u003efrag_size was properly set to 4K, but value of 3K results in a\nnegative tailroom, because there is a non-zero page offset.\n\nWe are supposed to return -EINVAL and be done with it in such case, but due\nto tailroom being stored as an unsigned int, it is reported to be somewhere\nnear UINT_MAX, resulting in a tail being grown, even if the requested\noffset is too much (it is around 2K in the abovementioned test). This later\nleads to all kinds of unspecific calltraces.\n\n[ 7340.337579] xskxceiver[1440]: segfault at 1da718 ip 00007f4161aeac9d sp 00007f41615a6a00 error 6\n[ 7340.338040] xskxceiver[1441]: segfault at 7f410000000b ip 00000000004042b5 sp 00007f415bffecf0 error 4\n[ 7340.338179] in libc.so.6[61c9d,7f4161aaf000+160000]\n[ 7340.339230] in xskxceiver[42b5,400000+69000]\n[ 7340.340300] likely on CPU 6 (core 0, socket 6)\n[ 7340.340302] Code: ff ff 01 e9 f4 fe ff ff 0f 1f 44 00 00 4c 39 f0 74 73 31 c0 ba 01 00 00 00 f0 0f b1 17 0f 85 ba 00 00 00 49 8b 87 88 00 00 00 \u003c4c\u003e 89 70 08 eb cc 0f 1f 44 00 00 48 8d bd f0 fe ff ff 89 85 ec fe\n[ 7340.340888] likely on CPU 3 (core 0, socket 3)\n[ 7340.345088] Code: 00 00 00 ba 00 00 00 00 be 00 00 00 00 89 c7 e8 31 ca ff ff 89 45 ec 8b 45 ec 85 c0 78 07 b8 00 00 00 00 eb 46 e8 0b c8 ff ff \u003c8b\u003e 00 83 f8 69 74 24 e8 ff c7 ff ff 8b 00 83 f8 0b 74 18 e8 f3 c7\n[ 7340.404334] Oops: general protection fault, probably for non-canonical address 0x6d255010bdffc: 0000 [#1] SMP NOPTI\n[ 7340.405972] CPU: 7 UID: 0 PID: 1439 Comm: xskxceiver Not tainted 6.19.0-rc1+ #21 PREEMPT(lazy)\n[ 7340.408006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 7340.409716] RIP: 0010:lookup_swap_cgroup_id+0x44/0x80\n[ 7340.410455] Code: 83 f8 1c 73 39 48 ba ff ff ff ff ff ff ff 03 48 8b 04 c5 20 55 fa bd 48 21 d1 48 89 ca 83 e1 01 48 d1 ea c1 e1 04 48 8d 04 90 \u003c8b\u003e 00 48 83 c4 10 d3 e8 c3 cc cc cc cc 31 c0 e9 98 b7 dd 00 48 89\n[ 7340.412787] RSP: 0018:ffffcc5c04f7f6d0 EFLAGS: 00010202\n[ 7340.413494] RAX: 0006d255010bdffc RBX: ffff891f477895a8 RCX: 0000000000000010\n[ 7340.414431] RDX: 0001c17e3fffffff RSI: 00fa070000000000 RDI: 000382fc7fffffff\n[ 7340.415354] RBP: 00fa070000000000 R08: ffffcc5c04f7f8f8 R09: ffffcc5c04f7f7d0\n[ 7340.416283] R10: ffff891f4c1a7000 R11: ffffcc5c04f7f9c8 R12: ffffcc5c04f7f7d0\n[ 7340.417218] R13: 03ffffffffffffff R14: 00fa06fffffffe00 R15: ffff891f47789500\n[ 7340.418229] FS: 0000000000000000(0000) GS:ffff891ffdfaa000(0000) knlGS:0000000000000000\n[ 7340.419489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7340.420286] CR2: 00007f415bfffd58 CR3: 0000000103f03002 CR4: 0000000000772ef0\n[ 7340.421237] PKRU: 55555554\n[ 7340.421623] Call Trace:\n[ 7340.421987] \u003cTASK\u003e\n[ 7340.422309] ? softleaf_from_pte+0x77/0xa0\n[ 7340.422855] swap_pte_batch+0xa7/0x290\n[ 7340.423363] zap_nonpresent_ptes.constprop.0.isra.0+0xd1/0x270\n[ 7340.424102] zap_pte_range+0x281/0x580\n[ 7340.424607] zap_pmd_range.isra.0+0xc9/0x240\n[ 7340.425177] unmap_page_range+0x24d/0x420\n[ 7340.425714] unmap_vmas+0xa1/0x180\n[ 7340.426185] exit_mmap+0xe1/0x3b0\n[ 7340.426644] __mmput+0x41/0x150\n[ 7340.427098] exit_mm+0xb1/0x110\n[ 7340.427539] do_exit+0x1b2/0x460\n[ 7340.427992] do_group_exit+0x2d/0xc0\n[ 7340.428477] get_signal+0x79d/0x7e0\n[ 7340.428957] arch_do_signal_or_restart+0x34/0x100\n[ 7340.429571] exit_to_user_mode_loop+0x8e/0x4c0\n[ 7340.430159] do_syscall_64+0x188/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23343",
"url": "https://www.suse.com/security/cve/CVE-2026-23343"
},
{
"category": "external",
"summary": "SUSE Bug 1260527 for CVE-2026-23343",
"url": "https://bugzilla.suse.com/1260527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23343"
},
{
"cve": "CVE-2026-23361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction. There\u0027s no completion for posted writes, so the writel() may\nreturn before the PCI write completes. dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n arm-smmu-v3 fc900000.iommu: 0x0000010000000010\n arm-smmu-v3 fc900000.iommu: 0x0000020000000000\n arm-smmu-v3 fc900000.iommu: 0x000000090000f040\n arm-smmu-v3 fc900000.iommu: 0x0000000000000000\n arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can\u0027t do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23361",
"url": "https://www.suse.com/security/cve/CVE-2026-23361"
},
{
"category": "external",
"summary": "SUSE Bug 1260732 for CVE-2026-23361",
"url": "https://bugzilla.suse.com/1260732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23361"
},
{
"cve": "CVE-2026-23379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class\u0027 WRR weight: this is done by\naveraging over the sums of quanta as \u0027q_sum\u0027 and \u0027q_psum\u0027. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G E 6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ets_qdisc_change+0x870/0xf40 [sch_ets]\n qdisc_create+0x12b/0x540\n tc_modify_qdisc+0x6d7/0xbd0\n rtnetlink_rcv_msg+0x168/0x6b0\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x1d6/0x2b0\n netlink_sendmsg+0x22e/0x470\n ____sys_sendmsg+0x38a/0x3c0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x111/0xf80\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for \u0027q_sum\u0027 and \u0027q_psum\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23379",
"url": "https://www.suse.com/security/cve/CVE-2026-23379"
},
{
"category": "external",
"summary": "SUSE Bug 1260481 for CVE-2026-23379",
"url": "https://bugzilla.suse.com/1260481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23379"
},
{
"cve": "CVE-2026-23381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n \u003cIRQ\u003e\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23381",
"url": "https://www.suse.com/security/cve/CVE-2026-23381"
},
{
"category": "external",
"summary": "SUSE Bug 1260471 for CVE-2026-23381",
"url": "https://bugzilla.suse.com/1260471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23381"
},
{
"cve": "CVE-2026-23383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing\n\nstruct bpf_plt contains a u64 target field. Currently, the BPF JIT\nallocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT\nbuffer.\n\nBecause the base address of the JIT buffer can be 4-byte aligned (e.g.,\nending in 0x4 or 0xc), the relative padding logic in build_plt() fails\nto ensure that target lands on an 8-byte boundary.\n\nThis leads to two issues:\n1. UBSAN reports misaligned-access warnings when dereferencing the\n structure.\n2. More critically, target is updated concurrently via WRITE_ONCE() in\n bpf_arch_text_poke() while the JIT\u0027d code executes ldr. On arm64,\n 64-bit loads/stores are only guaranteed to be single-copy atomic if\n they are 64-bit aligned. A misaligned target risks a torn read,\n causing the JIT to jump to a corrupted address.\n\nFix this by increasing the allocation alignment requirement to 8 bytes\n(sizeof(u64)) in bpf_jit_binary_pack_alloc(). This anchors the base of\nthe JIT buffer to an 8-byte boundary, allowing the relative padding math\nin build_plt() to correctly align the target field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23383",
"url": "https://www.suse.com/security/cve/CVE-2026-23383"
},
{
"category": "external",
"summary": "SUSE Bug 1260497 for CVE-2026-23383",
"url": "https://bugzilla.suse.com/1260497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23383"
},
{
"cve": "CVE-2026-23386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL\n\nIn DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA\nbuffer cleanup path. It iterates num_bufs times and attempts to unmap\nentries in the dma array.\n\nThis leads to two issues:\n1. The dma array shares storage with tx_qpl_buf_ids (union).\n Interpreting buffer IDs as DMA addresses results in attempting to\n unmap incorrect memory locations.\n2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed\n the size of the dma array, causing out-of-bounds access warnings\n(trace below is how we noticed this issue).\n\nUBSAN: array-index-out-of-bounds in\ndrivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of\nrange for type \u0027dma_addr_t[18]\u0027 (aka \u0027unsigned long long[18]\u0027)\nWorkqueue: gve gve_service_task [gve]\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x33/0xa0\n__ubsan_handle_out_of_bounds+0xdc/0x110\ngve_tx_stop_ring_dqo+0x182/0x200 [gve]\ngve_close+0x1be/0x450 [gve]\ngve_reset+0x99/0x120 [gve]\ngve_service_task+0x61/0x100 [gve]\nprocess_scheduled_works+0x1e9/0x380\n\nFix this by properly checking for QPL mode and delegating to\ngve_free_tx_qpl_bufs() to reclaim the buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23386",
"url": "https://www.suse.com/security/cve/CVE-2026-23386"
},
{
"category": "external",
"summary": "SUSE Bug 1260799 for CVE-2026-23386",
"url": "https://bugzilla.suse.com/1260799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23386"
},
{
"cve": "CVE-2026-23395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ\n\nCurrently the code attempts to accept requests regardless of the\ncommand identifier which may cause multiple requests to be marked\nas pending (FLAG_DEFER_SETUP) which can cause more than\nL2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer\ncausing an overflow.\n\nThe spec is quite clear that the same identifier shall not be used on\nsubsequent requests:\n\n\u0027Within each signaling channel a different Identifier shall be used\nfor each successive request or indication.\u0027\nhttps://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-62/out/en/host/logical-link-control-and-adaptation-protocol-specification.html#UUID-32a25a06-4aa4-c6c7-77c5-dcfe3682355d\n\nSo this attempts to check if there are any channels pending with the\nsame identifier and rejects if any are found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23395",
"url": "https://www.suse.com/security/cve/CVE-2026-23395"
},
{
"category": "external",
"summary": "SUSE Bug 1260580 for CVE-2026-23395",
"url": "https://bugzilla.suse.com/1260580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23395"
},
{
"cve": "CVE-2026-23398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23398"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n \u003cIRQ\u003e\n icmp_rcv (net/ipv4/icmp.c:1527)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n ip_local_deliver (net/ipv4/ip_input.c:262)\n ip_rcv (net/ipv4/ip_input.c:573)\n __netif_receive_skb_one_core (net/core/dev.c:6164)\n process_backlog (net/core/dev.c:6628)\n handle_softirqs (kernel/softirq.c:561)\n \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23398",
"url": "https://www.suse.com/security/cve/CVE-2026-23398"
},
{
"category": "external",
"summary": "SUSE Bug 1260730 for CVE-2026-23398",
"url": "https://bugzilla.suse.com/1260730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23398"
},
{
"cve": "CVE-2026-23412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: defer hook memory release until rcu readers are done\n\nYiming Qian reports UaF when concurrent process is dumping hooks via\nnfnetlink_hooks:\n\nBUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0\nRead of size 8 at addr ffff888003edbf88 by task poc/79\nCall Trace:\n \u003cTASK\u003e\n nfnl_hook_dump_one.isra.0+0xe71/0x10f0\n netlink_dump+0x554/0x12b0\n nfnl_hook_get+0x176/0x230\n [..]\n\nDefer release until after concurrent readers have completed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23412",
"url": "https://www.suse.com/security/cve/CVE-2026-23412"
},
{
"category": "external",
"summary": "SUSE Bug 1261412 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "external",
"summary": "SUSE Bug 1261579 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-23412"
},
{
"cve": "CVE-2026-23413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclsact: Fix use-after-free in init/destroy rollback asymmetry\n\nFix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry.\nThe latter is achieved by first fully initializing a clsact instance, and\nthen in a second step having a replacement failure for the new clsact qdisc\ninstance. clsact_init() initializes ingress first and then takes care of the\negress part. This can fail midway, for example, via tcf_block_get_ext(). Upon\nfailure, the kernel will trigger the clsact_destroy() callback.\n\nCommit 1cb6f0bae504 (\"bpf: Fix too early release of tcx_entry\") details the\nway how the transition is happening. If tcf_block_get_ext on the q-\u003eingress_block\nends up failing, we took the tcx_miniq_inc reference count on the ingress\nside, but not yet on the egress side. clsact_destroy() tests whether the\n{ingress,egress}_entry was non-NULL. However, even in midway failure on the\nreplacement, both are in fact non-NULL with a valid egress_entry from the\nprevious clsact instance.\n\nWhat we really need to test for is whether the qdisc instance-specific ingress\nor egress side previously got initialized. This adds a small helper for checking\nthe miniq initialization called mini_qdisc_pair_inited, and utilizes that upon\nclsact_destroy() in order to fix the use-after-free scenario. Convert the\ningress_destroy() side as well so both are consistent to each other.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23413",
"url": "https://www.suse.com/security/cve/CVE-2026-23413"
},
{
"category": "external",
"summary": "SUSE Bug 1261498 for CVE-2026-23413",
"url": "https://bugzilla.suse.com/1261498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23413"
},
{
"cve": "CVE-2026-23414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(\u0026ctx-\u003easync_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg\u0027s drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23414",
"url": "https://www.suse.com/security/cve/CVE-2026-23414"
},
{
"category": "external",
"summary": "SUSE Bug 1261496 for CVE-2026-23414",
"url": "https://bugzilla.suse.com/1261496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23414"
},
{
"cve": "CVE-2026-23419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix circular locking dependency in rds_tcp_tune\n\nsyzbot reported a circular locking dependency in rds_tcp_tune() where\nsk_net_refcnt_upgrade() is called while holding the socket lock:\n\n======================================================\nWARNING: possible circular locking dependency detected\n======================================================\nkworker/u10:8/15040 is trying to acquire lock:\nffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},\nat: __kmalloc_cache_noprof+0x4b/0x6f0\n\nbut task is already holding lock:\nffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},\nat: rds_tcp_tune+0xd7/0x930\n\nThe issue occurs because sk_net_refcnt_upgrade() performs memory\nallocation (via get_net_track() -\u003e ref_tracker_alloc()) while the\nsocket lock is held, creating a circular dependency with fs_reclaim.\n\nFix this by moving sk_net_refcnt_upgrade() outside the socket lock\ncritical section. This is safe because the fields modified by the\nsk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not\naccessed by any concurrent code path at this point.\n\nv2:\n - Corrected fixes tag\n - check patch line wrap nits\n - ai commentary nits",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23419",
"url": "https://www.suse.com/security/cve/CVE-2026-23419"
},
{
"category": "external",
"summary": "SUSE Bug 1261507 for CVE-2026-23419",
"url": "https://bugzilla.suse.com/1261507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "moderate"
}
],
"title": "CVE-2026-23419"
},
{
"cve": "CVE-2026-31788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn\u0027t ready yet (Jan Beulich)\n- wait in open() if target domain isn\u0027t known yet\n- issue message in case no target domain found (Jan Beulich)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31788",
"url": "https://www.suse.com/security/cve/CVE-2026-31788"
},
{
"category": "external",
"summary": "SUSE Bug 1259707 for CVE-2026-31788",
"url": "https://bugzilla.suse.com/1259707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.ppc64le",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.1:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T17:04:49Z",
"details": "important"
}
],
"title": "CVE-2026-31788"
}
]
}
SUSE-SU-2026:21255-1
Vulnerability from csaf_suse - Published: 2026-04-17 15:00 - Updated: 2026-04-17 15:00Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Micro (RT) 6.0 and 6.1 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths (bsc#1253455).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
- CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non security issues were fixed:
- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- bonding: do not set usable_slaves for broadcast mode (git-fixes).
- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages (git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
- comedi: Reinit dev-spinlock between attachments to low-level drivers (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error (stable-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
- hwmon: axi-fan: don't use driver_override as IRQ name (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: use ethtool string helpers (git-fixes).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths (git-fixes).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
- PCI: hv: Correct a comment (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
- platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
- PM: runtime: Fix a race condition related to device removal (git-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590).
- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure (git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
- usb: core: don't power off roothub PHYs if phy_set_mode() fails (git-fixes).
- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
- wifi: mac80211: set default WMM parameters on all links (stable-fixes).
- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
Patchnames: SUSE-SLE-Micro-6.1-kernel-342
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Micro (RT) 6.0 and 6.1 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).\n- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).\n- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).\n- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths (bsc#1253455).\n- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).\n- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).\n- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).\n- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).\n- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).\n- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).\n- CVE-2026-23047: libceph: make calc_target() set t-\u003epaused, not just clear it (bsc#1257682).\n- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).\n- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).\n- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).\n- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).\n- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).\n- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).\n- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).\n- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).\n- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).\n- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains (bsc#1258330).\n- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).\n- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).\n- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).\n- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).\n- CVE-2026-23231: netfilter: nf_tables: register hooks last when adding new chain/flowtable (bsc#1259188).\n- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).\n- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).\n- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).\n- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).\n- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion (bsc#1260009).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).\n- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).\n- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).\n- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).\n- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).\n- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).\n- CVE-2026-23319: bpf: export bpf_link_inc_not_zero (bsc#1260735).\n- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).\n- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).\n- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).\n- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).\n- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).\n- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).\n- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).\n- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).\n- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).\n- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).\n- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).\n- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).\n- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).\n- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).\n\nThe following non security issues were fixed:\n\n- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).\n- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).\n- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).\n- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).\n- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).\n- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).\n- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).\n- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).\n- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).\n- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).\n- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).\n- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).\n- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).\n- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).\n- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).\n- apparmor: fix race on rawdata dereference (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).\n- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).\n- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).\n- ASoC: detect empty DMI strings (git-fixes).\n- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).\n- ASoC: Intel: catpt: Fix the device initialization (git-fixes).\n- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).\n- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).\n- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).\n- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).\n- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).\n- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).\n- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).\n- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).\n- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).\n- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).\n- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).\n- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).\n- Bluetooth: HIDP: Fix possible UAF (git-fixes).\n- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).\n- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).\n- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).\n- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).\n- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).\n- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).\n- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if received packet\u0027s SDU exceeds IMTU (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).\n- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).\n- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).\n- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).\n- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).\n- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).\n- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).\n- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).\n- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).\n- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).\n- bonding: do not set usable_slaves for broadcast mode (git-fixes).\n- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).\n- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).\n- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).\n- can: bcm: fix locking for bcm_op runtime updates (git-fixes).\n- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).\n- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).\n- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).\n- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).\n- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).\n- can: ucan: Fix infinite loop from zero-length messages (git-fixes).\n- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).\n- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).\n- comedi: Reinit dev-spinlock between attachments to low-level drivers (git-fixes).\n- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).\n- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).\n- crypto: caam - fix overflow on long hmac keys (git-fixes).\n- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).\n- dmaengine: idxd: Fix leaking event log memory (git-fixes).\n- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).\n- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).\n- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).\n- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).\n- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).\n- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).\n- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).\n- Drivers: hv: fix missing kernel-doc description for \u0027size\u0027 in request_arr_init() (git-fixes).\n- Drivers: hv: remove stale comment (git-fixes).\n- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).\n- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).\n- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).\n- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).\n- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).\n- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).\n- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).\n- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).\n- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).\n- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).\n- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).\n- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).\n- drm/i915/dp: Use crtc_state-\u003eenhanced_framing properly on ivb/hsw CPU eDP (git-fixes).\n- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).\n- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).\n- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).\n- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).\n- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).\n- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).\n- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).\n- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).\n- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).\n- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).\n- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).\n- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).\n- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).\n- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).\n- HID: mcp2221: cancel last I2C command on read error (stable-fixes).\n- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).\n- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).\n- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).\n- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).\n- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).\n- hwmon: (it87) Check the it87_lock() return value (git-fixes).\n- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).\n- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).\n- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).\n- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).\n- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).\n- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).\n- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).\n- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).\n- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).\n- hwmon: axi-fan: don\u0027t use driver_override as IRQ name (git-fixes).\n- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).\n- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).\n- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).\n- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).\n- idpf: nullify pointers after they are freed (git-fixes).\n- iio: accel: fix ADXL355 temperature signature value (git-fixes).\n- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).\n- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).\n- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).\n- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).\n- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).\n- iio: dac: ds4424: reject -128 RAW value (git-fixes).\n- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).\n- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).\n- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).\n- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).\n- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).\n- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).\n- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).\n- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).\n- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).\n- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).\n- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).\n- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).\n- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).\n- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).\n- media: tegra-video: Use accessors for pad config \u0027try_*\u0027 fields (stable-fixes).\n- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).\n- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).\n- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).\n- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).\n- misc: fastrpc: possible double-free of cctx-\u003eremote_heap (git-fixes).\n- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).\n- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).\n- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).\n- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).\n- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).\n- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).\n- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).\n- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).\n- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).\n- net: mana: Add metadata support for xdp mode (git-fixes).\n- net: mana: Add standard counter rx_missed_errors (git-fixes).\n- net: mana: Add support for auxiliary device servicing events (bsc#1251971).\n- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).\n- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).\n- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mana: fix use-after-free in add_adev() error path (git-fixes).\n- net: mana: Fix use-after-free in reset service rescan path (git-fixes).\n- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).\n- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).\n- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).\n- net: mana: Handle unsupported HWC commands (git-fixes).\n- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).\n- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).\n- net: mana: Probe rdma device in mana driver (git-fixes).\n- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).\n- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).\n- net: mana: Support HW link state events (bsc#1253049).\n- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).\n- net: mana: use ethtool string helpers (git-fixes).\n- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).\n- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).\n- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).\n- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).\n- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).\n- net: usb: pegasus: validate USB endpoints (stable-fixes).\n- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).\n- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).\n- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).\n- net/x25: Fix overflow when accumulating packets (git-fixes).\n- net/x25: Fix potential double free of skb (git-fixes).\n- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).\n- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).\n- nfc: nci: free skb on nci_transceive early error paths (git-fixes).\n- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).\n- NFC: pn533: bound the UART receive buffer (git-fixes).\n- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).\n- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).\n- PCI: hv: Correct a comment (git-fixes).\n- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).\n- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).\n- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).\n- PCI: Update BAR # and window messages (stable-fixes).\n- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).\n- pinctrl: equilibrium: fix warning trace on load (git-fixes).\n- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).\n- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).\n- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).\n- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).\n- platform/x86: dell-wmi-sysman: Don\u0027t hex dump plaintext password data (git-fixes).\n- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).\n- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).\n- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).\n- platform/x86: ISST: Correct locked bit width (git-fixes).\n- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).\n- PM: runtime: Fix a race condition related to device removal (git-fixes).\n- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).\n- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).\n- RDMA/mana_ib: add additional port counters (bsc#1251135).\n- RDMA/mana_ib: Add device statistics support (git-fixes).\n- RDMA/mana_ib: Add device-memory support (git-fixes).\n- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).\n- RDMA/mana_ib: Add port statistics support (git-fixes).\n- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).\n- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).\n- RDMA/mana_ib: add support of multiple ports (bsc#1251135).\n- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).\n- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).\n- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).\n- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).\n- RDMA/mana_ib: Create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).\n- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).\n- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).\n- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).\n- RDMA/mana_ib: create kernel-level CQs (git-fixes).\n- RDMA/mana_ib: create/destroy AH (git-fixes).\n- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).\n- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).\n- RDMA/mana_ib: extend mana QP table (git-fixes).\n- RDMA/mana_ib: Extend modify QP (git-fixes).\n- RDMA/mana_ib: extend query device (git-fixes).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: Fix error code in probe() (git-fixes).\n- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).\n- RDMA/mana_ib: Fix missing ret value (git-fixes).\n- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).\n- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).\n- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).\n- RDMA/mana_ib: implement get_dma_mr (git-fixes).\n- RDMA/mana_ib: Implement port parameters (git-fixes).\n- RDMA/mana_ib: implement req_notify_cq (git-fixes).\n- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).\n- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: indicate CM support (git-fixes).\n- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).\n- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).\n- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).\n- RDMA/mana_ib: Modify QP state (git-fixes).\n- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).\n- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).\n- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).\n- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).\n- RDMA/mana_ib: request error CQEs when supported (git-fixes).\n- RDMA/mana_ib: Set correct device into ib (git-fixes).\n- RDMA/mana_ib: set node_guid (git-fixes).\n- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).\n- RDMA/mana_ib: Take CQ type from the device type (git-fixes).\n- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).\n- RDMA/mana_ib: UD/GSI work requests (git-fixes).\n- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).\n- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).\n- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).\n- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).\n- regmap: Synchronize cache for the page selector (git-fixes).\n- regulator: pca9450: Correct interrupt type (git-fixes).\n- regulator: pca9450: Make IRQ optional (stable-fixes).\n- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).\n- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).\n- scsi: mpi3mr: Event processing debug improvement (bsc#1251186 bsc#1258832).\n- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).\n- scsi: storvsc: Remove redundant ternary operators (git-fixes).\n- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669 ltc#212590).\n- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669 ltc#212590).\n- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).\n- serial: 8250_pci: add support for the AX99100 (stable-fixes).\n- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).\n- serial: 8250: Fix TX deadlock when using DMA (git-fixes).\n- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).\n- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).\n- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).\n- spi: fix statistics allocation (git-fixes).\n- spi: fix use-after-free on controller registration failure (git-fixes).\n- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).\n- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).\n- tg3: Fix race for querying speed/duplex (bsc#1257183).\n- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).\n- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).\n- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).\n- tools/hv: add a .gitignore file (git-fixes).\n- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).\n- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).\n- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).\n- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).\n- usb: cdns3: fix role switching during resume (git-fixes).\n- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).\n- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).\n- usb: cdns3: remove redundant if branch (stable-fixes).\n- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).\n- usb: core: don\u0027t power off roothub PHYs if phy_set_mode() fails (git-fixes).\n- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).\n- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).\n- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).\n- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).\n- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).\n- usb: ehci-brcm: fix sleep during atomic (git-fixes).\n- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).\n- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).\n- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).\n- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).\n- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).\n- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).\n- usb: image: mdc800: kill download URB on timeout (stable-fixes).\n- usb: mdc800: handle signal and read racing (stable-fixes).\n- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).\n- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).\n- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).\n- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).\n- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).\n- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).\n- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).\n- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).\n- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).\n- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).\n- usb: yurex: fix race in probe (stable-fixes).\n- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).\n- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).\n- wifi: cw1200: Fix locking in error paths (git-fixes).\n- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).\n- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).\n- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).\n- wifi: mac80211: set default WMM parameters on all links (stable-fixes).\n- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).\n- wifi: rsi: Don\u0027t default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).\n- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).\n- wifi: wlcore: Fix a locking bug (git-fixes).\n- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).\n- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).\n- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-342",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21255-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21255-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621255-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21255-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045896.html"
},
{
"category": "self",
"summary": "SUSE Bug 1226591",
"url": "https://bugzilla.suse.com/1226591"
},
{
"category": "self",
"summary": "SUSE Bug 1245728",
"url": "https://bugzilla.suse.com/1245728"
},
{
"category": "self",
"summary": "SUSE Bug 1249998",
"url": "https://bugzilla.suse.com/1249998"
},
{
"category": "self",
"summary": "SUSE Bug 1251135",
"url": "https://bugzilla.suse.com/1251135"
},
{
"category": "self",
"summary": "SUSE Bug 1251186",
"url": "https://bugzilla.suse.com/1251186"
},
{
"category": "self",
"summary": "SUSE Bug 1251971",
"url": "https://bugzilla.suse.com/1251971"
},
{
"category": "self",
"summary": "SUSE Bug 1252073",
"url": "https://bugzilla.suse.com/1252073"
},
{
"category": "self",
"summary": "SUSE Bug 1252266",
"url": "https://bugzilla.suse.com/1252266"
},
{
"category": "self",
"summary": "SUSE Bug 1253049",
"url": "https://bugzilla.suse.com/1253049"
},
{
"category": "self",
"summary": "SUSE Bug 1253455",
"url": "https://bugzilla.suse.com/1253455"
},
{
"category": "self",
"summary": "SUSE Bug 1254306",
"url": "https://bugzilla.suse.com/1254306"
},
{
"category": "self",
"summary": "SUSE Bug 1255084",
"url": "https://bugzilla.suse.com/1255084"
},
{
"category": "self",
"summary": "SUSE Bug 1256647",
"url": "https://bugzilla.suse.com/1256647"
},
{
"category": "self",
"summary": "SUSE Bug 1256690",
"url": "https://bugzilla.suse.com/1256690"
},
{
"category": "self",
"summary": "SUSE Bug 1256784",
"url": "https://bugzilla.suse.com/1256784"
},
{
"category": "self",
"summary": "SUSE Bug 1257183",
"url": "https://bugzilla.suse.com/1257183"
},
{
"category": "self",
"summary": "SUSE Bug 1257466",
"url": "https://bugzilla.suse.com/1257466"
},
{
"category": "self",
"summary": "SUSE Bug 1257472",
"url": "https://bugzilla.suse.com/1257472"
},
{
"category": "self",
"summary": "SUSE Bug 1257473",
"url": "https://bugzilla.suse.com/1257473"
},
{
"category": "self",
"summary": "SUSE Bug 1257506",
"url": "https://bugzilla.suse.com/1257506"
},
{
"category": "self",
"summary": "SUSE Bug 1257561",
"url": "https://bugzilla.suse.com/1257561"
},
{
"category": "self",
"summary": "SUSE Bug 1257682",
"url": "https://bugzilla.suse.com/1257682"
},
{
"category": "self",
"summary": "SUSE Bug 1257732",
"url": "https://bugzilla.suse.com/1257732"
},
{
"category": "self",
"summary": "SUSE Bug 1257755",
"url": "https://bugzilla.suse.com/1257755"
},
{
"category": "self",
"summary": "SUSE Bug 1257773",
"url": "https://bugzilla.suse.com/1257773"
},
{
"category": "self",
"summary": "SUSE Bug 1257777",
"url": "https://bugzilla.suse.com/1257777"
},
{
"category": "self",
"summary": "SUSE Bug 1257814",
"url": "https://bugzilla.suse.com/1257814"
},
{
"category": "self",
"summary": "SUSE Bug 1257952",
"url": "https://bugzilla.suse.com/1257952"
},
{
"category": "self",
"summary": "SUSE Bug 1258280",
"url": "https://bugzilla.suse.com/1258280"
},
{
"category": "self",
"summary": "SUSE Bug 1258286",
"url": "https://bugzilla.suse.com/1258286"
},
{
"category": "self",
"summary": "SUSE Bug 1258293",
"url": "https://bugzilla.suse.com/1258293"
},
{
"category": "self",
"summary": "SUSE Bug 1258303",
"url": "https://bugzilla.suse.com/1258303"
},
{
"category": "self",
"summary": "SUSE Bug 1258305",
"url": "https://bugzilla.suse.com/1258305"
},
{
"category": "self",
"summary": "SUSE Bug 1258330",
"url": "https://bugzilla.suse.com/1258330"
},
{
"category": "self",
"summary": "SUSE Bug 1258337",
"url": "https://bugzilla.suse.com/1258337"
},
{
"category": "self",
"summary": "SUSE Bug 1258338",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "self",
"summary": "SUSE Bug 1258340",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "self",
"summary": "SUSE Bug 1258376",
"url": "https://bugzilla.suse.com/1258376"
},
{
"category": "self",
"summary": "SUSE Bug 1258389",
"url": "https://bugzilla.suse.com/1258389"
},
{
"category": "self",
"summary": "SUSE Bug 1258414",
"url": "https://bugzilla.suse.com/1258414"
},
{
"category": "self",
"summary": "SUSE Bug 1258447",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "self",
"summary": "SUSE Bug 1258524",
"url": "https://bugzilla.suse.com/1258524"
},
{
"category": "self",
"summary": "SUSE Bug 1258832",
"url": "https://bugzilla.suse.com/1258832"
},
{
"category": "self",
"summary": "SUSE Bug 1258849",
"url": "https://bugzilla.suse.com/1258849"
},
{
"category": "self",
"summary": "SUSE Bug 1259188",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "self",
"summary": "SUSE Bug 1259461",
"url": "https://bugzilla.suse.com/1259461"
},
{
"category": "self",
"summary": "SUSE Bug 1259580",
"url": "https://bugzilla.suse.com/1259580"
},
{
"category": "self",
"summary": "SUSE Bug 1259707",
"url": "https://bugzilla.suse.com/1259707"
},
{
"category": "self",
"summary": "SUSE Bug 1259795",
"url": "https://bugzilla.suse.com/1259795"
},
{
"category": "self",
"summary": "SUSE Bug 1259797",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "self",
"summary": "SUSE Bug 1259865",
"url": "https://bugzilla.suse.com/1259865"
},
{
"category": "self",
"summary": "SUSE Bug 1259870",
"url": "https://bugzilla.suse.com/1259870"
},
{
"category": "self",
"summary": "SUSE Bug 1259886",
"url": "https://bugzilla.suse.com/1259886"
},
{
"category": "self",
"summary": "SUSE Bug 1259889",
"url": "https://bugzilla.suse.com/1259889"
},
{
"category": "self",
"summary": "SUSE Bug 1259891",
"url": "https://bugzilla.suse.com/1259891"
},
{
"category": "self",
"summary": "SUSE Bug 1259997",
"url": "https://bugzilla.suse.com/1259997"
},
{
"category": "self",
"summary": "SUSE Bug 1259998",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "self",
"summary": "SUSE Bug 1260005",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "self",
"summary": "SUSE Bug 1260009",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "self",
"summary": "SUSE Bug 1260347",
"url": "https://bugzilla.suse.com/1260347"
},
{
"category": "self",
"summary": "SUSE Bug 1260464",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "self",
"summary": "SUSE Bug 1260471",
"url": "https://bugzilla.suse.com/1260471"
},
{
"category": "self",
"summary": "SUSE Bug 1260481",
"url": "https://bugzilla.suse.com/1260481"
},
{
"category": "self",
"summary": "SUSE Bug 1260486",
"url": "https://bugzilla.suse.com/1260486"
},
{
"category": "self",
"summary": "SUSE Bug 1260497",
"url": "https://bugzilla.suse.com/1260497"
},
{
"category": "self",
"summary": "SUSE Bug 1260500",
"url": "https://bugzilla.suse.com/1260500"
},
{
"category": "self",
"summary": "SUSE Bug 1260527",
"url": "https://bugzilla.suse.com/1260527"
},
{
"category": "self",
"summary": "SUSE Bug 1260544",
"url": "https://bugzilla.suse.com/1260544"
},
{
"category": "self",
"summary": "SUSE Bug 1260550",
"url": "https://bugzilla.suse.com/1260550"
},
{
"category": "self",
"summary": "SUSE Bug 1260562",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "self",
"summary": "SUSE Bug 1260580",
"url": "https://bugzilla.suse.com/1260580"
},
{
"category": "self",
"summary": "SUSE Bug 1260730",
"url": "https://bugzilla.suse.com/1260730"
},
{
"category": "self",
"summary": "SUSE Bug 1260732",
"url": "https://bugzilla.suse.com/1260732"
},
{
"category": "self",
"summary": "SUSE Bug 1260735",
"url": "https://bugzilla.suse.com/1260735"
},
{
"category": "self",
"summary": "SUSE Bug 1260799",
"url": "https://bugzilla.suse.com/1260799"
},
{
"category": "self",
"summary": "SUSE Bug 1261412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "self",
"summary": "SUSE Bug 1261496",
"url": "https://bugzilla.suse.com/1261496"
},
{
"category": "self",
"summary": "SUSE Bug 1261498",
"url": "https://bugzilla.suse.com/1261498"
},
{
"category": "self",
"summary": "SUSE Bug 1261507",
"url": "https://bugzilla.suse.com/1261507"
},
{
"category": "self",
"summary": "SUSE Bug 1261669",
"url": "https://bugzilla.suse.com/1261669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38542 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71269 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23030 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23047 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23054 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23069 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23088 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23103 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23120 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23125 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23154 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23157 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23169 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23187 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23193 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23201 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23202 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23207 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23231 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23242 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23255 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23270 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23272 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23277 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23281 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23292 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23293 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23304 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23319 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23335 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23343 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23361 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23381 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23383 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23386 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23395 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23398 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23413 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23414 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23419 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31788 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-04-17T15:00:24Z",
"generator": {
"date": "2026-04-17T15:00:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21255-1",
"initial_release_date": "2026-04-17T15:00:24Z",
"revision_history": [
{
"date": "2026-04-17T15:00:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-41.1.aarch64",
"product": {
"name": "kernel-rt-6.4.0-41.1.aarch64",
"product_id": "kernel-rt-6.4.0-41.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-41.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.4.0-41.1.aarch64",
"product_id": "kernel-rt-devel-6.4.0-41.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-6.4.0-41.1.noarch",
"product": {
"name": "kernel-devel-rt-6.4.0-41.1.noarch",
"product_id": "kernel-devel-rt-6.4.0-41.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-6.4.0-41.1.noarch",
"product": {
"name": "kernel-source-rt-6.4.0-41.1.noarch",
"product_id": "kernel-source-rt-6.4.0-41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-rt-6.4.0-41.1.x86_64",
"product_id": "kernel-rt-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.4.0-41.1.x86_64",
"product_id": "kernel-rt-devel-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.4.0-41.1.x86_64",
"product_id": "kernel-rt-livepatch-6.4.0-41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch"
},
"product_reference": "kernel-devel-rt-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-41.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64"
},
"product_reference": "kernel-rt-6.4.0-41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-rt-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-41.1.aarch64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.4.0-41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
},
"product_reference": "kernel-source-rt-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38542"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38542",
"url": "https://www.suse.com/security/cve/CVE-2024-38542"
},
{
"category": "external",
"summary": "SUSE Bug 1226591 for CVE-2024-38542",
"url": "https://bugzilla.suse.com/1226591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2024-38542"
},
{
"cve": "CVE-2025-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN , \u0027guid\u0027 can become\nnegative, leadings to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39817",
"url": "https://www.suse.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1249998 for CVE-2025-39817",
"url": "https://bugzilla.suse.com/1249998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-39817"
},
{
"cve": "CVE-2025-39998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39998",
"url": "https://www.suse.com/security/cve/CVE-2025-39998"
},
{
"category": "external",
"summary": "SUSE Bug 1252073 for CVE-2025-39998",
"url": "https://bugzilla.suse.com/1252073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-39998"
},
{
"cve": "CVE-2025-40201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths\n\nThe usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64()-\u003edo_prlimit()\npath is very broken.\n\nsys_prlimit64() does get_task_struct(tsk) but this only protects task_struct\nitself. If tsk != current and tsk is not a leader, this process can exit/exec\nand task_lock(tsk-\u003egroup_leader) may use the already freed task_struct.\n\nAnother problem is that sys_prlimit64() can race with mt-exec which changes\n-\u003egroup_leader. In this case do_prlimit() may take the wrong lock, or (worse)\n-\u003egroup_leader may change between task_lock() and task_unlock().\n\nChange sys_prlimit64() to take tasklist_lock when necessary. This is not\nnice, but I don\u0027t see a better fix for -stable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40201",
"url": "https://www.suse.com/security/cve/CVE-2025-40201"
},
{
"category": "external",
"summary": "SUSE Bug 1253455 for CVE-2025-40201",
"url": "https://bugzilla.suse.com/1253455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-40201"
},
{
"cve": "CVE-2025-40253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ctcm: Fix double-kfree\n\nThe function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027 is called conditionally\nfrom function \u0027ctcmpc_unpack_skb\u0027. It frees passed mpcginfo.\nAfter that a call to function \u0027kfree\u0027 in function \u0027ctcmpc_unpack_skb\u0027\nfrees it again.\n\nRemove \u0027kfree\u0027 call in function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027.\n\nBug detected by the clang static analyzer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40253",
"url": "https://www.suse.com/security/cve/CVE-2025-40253"
},
{
"category": "external",
"summary": "SUSE Bug 1255084 for CVE-2025-40253",
"url": "https://bugzilla.suse.com/1255084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-40253"
},
{
"cve": "CVE-2025-68794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68794",
"url": "https://www.suse.com/security/cve/CVE-2025-68794"
},
{
"category": "external",
"summary": "SUSE Bug 1256647 for CVE-2025-68794",
"url": "https://bugzilla.suse.com/1256647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-68794"
},
{
"cve": "CVE-2025-71125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not register unsupported perf events\n\nSynthetic events currently do not have a function to register perf events.\nThis leads to calling the tracepoint register functions with a NULL\nfunction pointer which triggers:\n\n ------------[ cut here ]------------\n WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:tracepoint_add_func+0x357/0x370\n Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc \u003c0f\u003e 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f\n RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246\n RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000\n RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8\n RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780\n R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a\n R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78\n FS: 00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n tracepoint_probe_register+0x5d/0x90\n synth_event_reg+0x3c/0x60\n perf_trace_event_init+0x204/0x340\n perf_trace_init+0x85/0xd0\n perf_tp_event_init+0x2e/0x50\n perf_try_init_event+0x6f/0x230\n ? perf_event_alloc+0x4bb/0xdc0\n perf_event_alloc+0x65a/0xdc0\n __se_sys_perf_event_open+0x290/0x9f0\n do_syscall_64+0x93/0x7b0\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? trace_hardirqs_off+0x53/0xc0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInstead, have the code return -ENODEV, which doesn\u0027t warn and has perf\nerror out with:\n\n # perf record -e synthetic:futex_wait\nError:\nThe sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait).\n\"dmesg | grep -i perf\" may provide additional information.\n\nIdeally perf should support synthetic events, but for now just fix the\nwarning. The support can come later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71125",
"url": "https://www.suse.com/security/cve/CVE-2025-71125"
},
{
"category": "external",
"summary": "SUSE Bug 1256784 for CVE-2025-71125",
"url": "https://bugzilla.suse.com/1256784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "low"
}
],
"title": "CVE-2025-71125"
},
{
"cve": "CVE-2025-71268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71268",
"url": "https://www.suse.com/security/cve/CVE-2025-71268"
},
{
"category": "external",
"summary": "SUSE Bug 1259865 for CVE-2025-71268",
"url": "https://bugzilla.suse.com/1259865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-71268"
},
{
"cve": "CVE-2025-71269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is \u003c= 0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71269",
"url": "https://www.suse.com/security/cve/CVE-2025-71269"
},
{
"category": "external",
"summary": "SUSE Bug 1259889 for CVE-2025-71269",
"url": "https://bugzilla.suse.com/1259889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2025-71269"
},
{
"cve": "CVE-2026-23030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\n\nThe for_each_available_child_of_node() calls of_node_put() to\nrelease child_np in each success loop. After breaking from the\nloop with the child_np has been released, the code will jump to\nthe put_child label and will call the of_node_put() again if the\ndevm_request_threaded_irq() fails. These cause a double free bug.\n\nFix by returning directly to avoid the duplicate of_node_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23030",
"url": "https://www.suse.com/security/cve/CVE-2026-23030"
},
{
"category": "external",
"summary": "SUSE Bug 1257561 for CVE-2026-23030",
"url": "https://bugzilla.suse.com/1257561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23030"
},
{
"cve": "CVE-2026-23047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make calc_target() set t-\u003epaused, not just clear it\n\nCurrently calc_target() clears t-\u003epaused if the request shouldn\u0027t be\npaused anymore, but doesn\u0027t ever set t-\u003epaused even though it\u0027s able to\ndetermine when the request should be paused. Setting t-\u003epaused is left\nto __submit_request() which is fine for regular requests but doesn\u0027t\nwork for linger requests -- since __submit_request() doesn\u0027t operate\non linger requests, there is nowhere for lreq-\u003et.paused to be set.\nOne consequence of this is that watches don\u0027t get reestablished on\npaused -\u003e unpaused transitions in cases where requests have been paused\nlong enough for the (paused) unwatch request to time out and for the\nsubsequent (re)watch request to enter the paused state. On top of the\nwatch not getting reestablished, rbd_reregister_watch() gets stuck with\nrbd_dev-\u003ewatch_mutex held:\n\n rbd_register_watch\n __rbd_register_watch\n ceph_osdc_watch\n linger_reg_commit_wait\n\nIt\u0027s waiting for lreq-\u003ereg_commit_wait to be completed, but for that to\nhappen the respective request needs to end up on need_resend_linger list\nand be kicked when requests are unpaused. There is no chance for that\nif the request in question is never marked paused in the first place.\n\nThe fact that rbd_dev-\u003ewatch_mutex remains taken out forever then\nprevents the image from getting unmapped -- \"rbd unmap\" would inevitably\nhang in D state on an attempt to grab the mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23047",
"url": "https://www.suse.com/security/cve/CVE-2026-23047"
},
{
"category": "external",
"summary": "SUSE Bug 1257682 for CVE-2026-23047",
"url": "https://bugzilla.suse.com/1257682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23047"
},
{
"cve": "CVE-2026-23054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23054",
"url": "https://www.suse.com/security/cve/CVE-2026-23054"
},
{
"category": "external",
"summary": "SUSE Bug 1257732 for CVE-2026-23054",
"url": "https://bugzilla.suse.com/1257732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23054"
},
{
"cve": "CVE-2026-23069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential underflow in virtio_transport_get_credit()\n\nThe credit calculation in virtio_transport_get_credit() uses unsigned\narithmetic:\n\n ret = vvs-\u003epeer_buf_alloc - (vvs-\u003etx_cnt - vvs-\u003epeer_fwd_cnt);\n\nIf the peer shrinks its advertised buffer (peer_buf_alloc) while bytes\nare in flight, the subtraction can underflow and produce a large\npositive value, potentially allowing more data to be queued than the\npeer can handle.\n\nReuse virtio_transport_has_space() which already handles this case and\nadd a comment to make it clear why we are doing that.\n\n[Stefano: use virtio_transport_has_space() instead of duplicating the code]\n[Stefano: tweak the commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23069",
"url": "https://www.suse.com/security/cve/CVE-2026-23069"
},
{
"category": "external",
"summary": "SUSE Bug 1257755 for CVE-2026-23069",
"url": "https://bugzilla.suse.com/1257755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23069"
},
{
"cve": "CVE-2026-23088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix crash on synthetic stacktrace field usage\n\nWhen creating a synthetic event based on an existing synthetic event that\nhad a stacktrace field and the new synthetic event used that field a\nkernel crash occurred:\n\n ~# cd /sys/kernel/tracing\n ~# echo \u0027s:stack unsigned long stack[];\u0027 \u003e dynamic_events\n ~# echo \u0027hist:keys=prev_pid:s0=common_stacktrace if prev_state \u0026 3\u0027 \u003e\u003e events/sched/sched_switch/trigger\n ~# echo \u0027hist:keys=next_pid:s1=$s0:onmatch(sched.sched_switch).trace(stack,$s1)\u0027 \u003e\u003e events/sched/sched_switch/trigger\n\nThe above creates a synthetic event that takes a stacktrace when a task\nschedules out in a non-running state and passes that stacktrace to the\nsched_switch event when that task schedules back in. It triggers the\n\"stack\" synthetic event that has a stacktrace as its field (called \"stack\").\n\n ~# echo \u0027s:syscall_stack s64 id; unsigned long stack[];\u0027 \u003e\u003e dynamic_events\n ~# echo \u0027hist:keys=common_pid:s2=stack\u0027 \u003e\u003e events/synthetic/stack/trigger\n ~# echo \u0027hist:keys=common_pid:s3=$s2,i0=id:onmatch(synthetic.stack).trace(syscall_stack,$i0,$s3)\u0027 \u003e\u003e events/raw_syscalls/sys_exit/trigger\n\nThe above makes another synthetic event called \"syscall_stack\" that\nattaches the first synthetic event (stack) to the sys_exit trace event and\nrecords the stacktrace from the stack event with the id of the system call\nthat is exiting.\n\nWhen enabling this event (or using it in a historgram):\n\n ~# echo 1 \u003e events/synthetic/syscall_stack/enable\n\nProduces a kernel crash!\n\n BUG: unable to handle page fault for address: 0000000000400010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n CPU: 6 UID: 0 PID: 1257 Comm: bash Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy) Debian 6.16.3-1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:trace_event_raw_event_synth+0x90/0x380\n Code: c5 00 00 00 00 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 \u003c49\u003e 8b 04 24 48 83 c3 01 8d 0c c5 08 00 00 00 01 cd 41 3b 5d 40 0f\n RSP: 0018:ffffd2670388f958 EFLAGS: 00010202\n RAX: ffff8ba1065cc100 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: fffff266ffda7b90 RDI: ffffd2670388f9b0\n RBP: 0000000000000010 R08: ffff8ba104e76000 R09: ffffd2670388fa50\n R10: ffff8ba102dd42e0 R11: ffffffff9a908970 R12: 0000000000400010\n R13: ffff8ba10a246400 R14: ffff8ba10a710220 R15: fffff266ffda7b90\n FS: 00007fa3bc63f740(0000) GS:ffff8ba2e0f48000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000400010 CR3: 0000000107f9e003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __tracing_map_insert+0x208/0x3a0\n action_trace+0x67/0x70\n event_hist_trigger+0x633/0x6d0\n event_triggers_call+0x82/0x130\n trace_event_buffer_commit+0x19d/0x250\n trace_event_raw_event_sys_exit+0x62/0xb0\n syscall_exit_work+0x9d/0x140\n do_syscall_64+0x20a/0x2f0\n ? trace_event_raw_event_sched_switch+0x12b/0x170\n ? save_fpregs_to_fpstate+0x3e/0x90\n ? _raw_spin_unlock+0xe/0x30\n ? finish_task_switch.isra.0+0x97/0x2c0\n ? __rseq_handle_notify_resume+0xad/0x4c0\n ? __schedule+0x4b8/0xd00\n ? restore_fpregs_from_fpstate+0x3c/0x90\n ? switch_fpu_return+0x5b/0xe0\n ? do_syscall_64+0x1ef/0x2f0\n ? do_fault+0x2e9/0x540\n ? __handle_mm_fault+0x7d1/0xf70\n ? count_memcg_events+0x167/0x1d0\n ? handle_mm_fault+0x1d7/0x2e0\n ? do_user_addr_fault+0x2c3/0x7f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reason is that the stacktrace field is not labeled as such, and is\ntreated as a normal field and not as a dynamic event that it is.\n\nIn trace_event_raw_event_synth() the event is field is still treated as a\ndynamic array, but the retrieval of the data is considered a normal field,\nand the reference is just the meta data:\n\n// Meta data is retrieved instead of a dynamic array\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23088",
"url": "https://www.suse.com/security/cve/CVE-2026-23088"
},
{
"category": "external",
"summary": "SUSE Bug 1257814 for CVE-2026-23088",
"url": "https://bugzilla.suse.com/1257814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23088"
},
{
"cve": "CVE-2026-23103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Make the addrs_lock be per port\n\nMake the addrs_lock be per port, not per ipvlan dev.\n\nInitial code seems to be written in the assumption,\nthat any address change must occur under RTNL.\nBut it is not so for the case of IPv6. So\n\n1) Introduce per-port addrs_lock.\n\n2) It was needed to fix places where it was forgotten\nto take lock (ipvlan_open/ipvlan_close)\n\nThis appears to be a very minor problem though.\nSince it\u0027s highly unlikely that ipvlan_add_addr() will\nbe called on 2 CPU simultaneously. But nevertheless,\nthis could cause:\n\n1) False-negative of ipvlan_addr_busy(): one interface\niterated through all port-\u003eipvlans + ipvlan-\u003eaddrs\nunder some ipvlan spinlock, and another added IP\nunder its own lock. Though this is only possible\nfor IPv6, since looks like only ipvlan_addr6_event() can be\ncalled without rtnl_lock.\n\n2) Race since ipvlan_ht_addr_add(port) is called under\ndifferent ipvlan-\u003eaddrs_lock locks\n\nThis should not affect performance, since add/remove IP\nis a rare situation and spinlock is not taken on fast\npaths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23103",
"url": "https://www.suse.com/security/cve/CVE-2026-23103"
},
{
"category": "external",
"summary": "SUSE Bug 1257773 for CVE-2026-23103",
"url": "https://bugzilla.suse.com/1257773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23103"
},
{
"cve": "CVE-2026-23120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk-\u003esk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n sk_set_socket include/net/sock.h:2092 [inline]\n sock_orphan include/net/sock.h:2118 [inline]\n sk_common_release+0xae/0x230 net/core/sock.c:4003\n udp_lib_close+0x15/0x20 include/net/udp.h:325\n inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:662 [inline]\n sock_close+0x6b/0x150 net/socket.c:1455\n __fput+0x29b/0x650 fs/file_table.c:468\n ____fput+0x1c/0x30 fs/file_table.c:496\n task_work_run+0x131/0x1a0 kernel/task_work.c:233\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n worker_thread+0x582/0x770 kernel/workqueue.c:3421\n kthread+0x489/0x510 kernel/kthread.c:463\n ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -\u003e 0x0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23120",
"url": "https://www.suse.com/security/cve/CVE-2026-23120"
},
{
"category": "external",
"summary": "SUSE Bug 1258280 for CVE-2026-23120",
"url": "https://bugzilla.suse.com/1258280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23120"
},
{
"cve": "CVE-2026-23125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT\n\nA null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key\ninitialization fails:\n\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2\n RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline]\n RIP: 0010:sctp_packet_append_chunk+0xb36/0x1260 net/sctp/output.c:401\n Call Trace:\n\n sctp_packet_transmit_chunk+0x31/0x250 net/sctp/output.c:189\n sctp_outq_flush_data+0xa29/0x26d0 net/sctp/outqueue.c:1111\n sctp_outq_flush+0xc80/0x1240 net/sctp/outqueue.c:1217\n sctp_cmd_interpreter.isra.0+0x19a5/0x62c0 net/sctp/sm_sideeffect.c:1787\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x1a3/0x670 net/sctp/sm_sideeffect.c:1169\n sctp_assoc_bh_rcv+0x33e/0x640 net/sctp/associola.c:1052\n sctp_inq_push+0x1dd/0x280 net/sctp/inqueue.c:88\n sctp_rcv+0x11ae/0x3100 net/sctp/input.c:243\n sctp6_rcv+0x3d/0x60 net/sctp/ipv6.c:1127\n\nThe issue is triggered when sctp_auth_asoc_init_active_key() fails in\nsctp_sf_do_5_1C_ack() while processing an INIT_ACK. In this case, the\ncommand sequence is currently:\n\n- SCTP_CMD_PEER_INIT\n- SCTP_CMD_TIMER_STOP (T1_INIT)\n- SCTP_CMD_TIMER_START (T1_COOKIE)\n- SCTP_CMD_NEW_STATE (COOKIE_ECHOED)\n- SCTP_CMD_ASSOC_SHKEY\n- SCTP_CMD_GEN_COOKIE_ECHO\n\nIf SCTP_CMD_ASSOC_SHKEY fails, asoc-\u003eshkey remains NULL, while\nasoc-\u003epeer.auth_capable and asoc-\u003epeer.peer_chunks have already been set by\nSCTP_CMD_PEER_INIT. This allows a DATA chunk with auth = 1 and shkey = NULL\nto be queued by sctp_datamsg_from_user().\n\nSince command interpretation stops on failure, no COOKIE_ECHO should been\nsent via SCTP_CMD_GEN_COOKIE_ECHO. However, the T1_COOKIE timer has already\nbeen started, and it may enqueue a COOKIE_ECHO into the outqueue later. As\na result, the DATA chunk can be transmitted together with the COOKIE_ECHO\nin sctp_outq_flush_data(), leading to the observed issue.\n\nSimilar to the other places where it calls sctp_auth_asoc_init_active_key()\nright after sctp_process_init(), this patch moves the SCTP_CMD_ASSOC_SHKEY\nimmediately after SCTP_CMD_PEER_INIT, before stopping T1_INIT and starting\nT1_COOKIE. This ensures that if shared key generation fails, authenticated\nDATA cannot be sent. It also allows the T1_INIT timer to retransmit INIT,\ngiving the client another chance to process INIT_ACK and retry key setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23125",
"url": "https://www.suse.com/security/cve/CVE-2026-23125"
},
{
"category": "external",
"summary": "SUSE Bug 1258293 for CVE-2026-23125",
"url": "https://bugzilla.suse.com/1258293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23125"
},
{
"cve": "CVE-2026-23136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: reset sparse-read state in osd_fault()\n\nWhen a fault occurs, the connection is abandoned, reestablished, and any\npending operations are retried. The OSD client tracks the progress of a\nsparse-read reply using a separate state machine, largely independent of\nthe messenger\u0027s state.\n\nIf a connection is lost mid-payload or the sparse-read state machine\nreturns an error, the sparse-read state is not reset. The OSD client\nwill then interpret the beginning of a new reply as the continuation of\nthe old one. If this makes the sparse-read machinery enter a failure\nstate, it may never recover, producing loops like:\n\n libceph: [0] got 0 extents\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n\nTherefore, reset the sparse-read state in osd_fault(), ensuring retries\nstart from a clean state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23136",
"url": "https://www.suse.com/security/cve/CVE-2026-23136"
},
{
"category": "external",
"summary": "SUSE Bug 1258303 for CVE-2026-23136",
"url": "https://bugzilla.suse.com/1258303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23136"
},
{
"cve": "CVE-2026-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Subtract size of xdp_frame from allowed metadata size\n\nThe xdp_frame structure takes up part of the XDP frame headroom,\nlimiting the size of the metadata. However, in bpf_test_run, we don\u0027t\ntake this into account, which makes it possible for userspace to supply\na metadata size that is too large (taking up the entire headroom).\n\nIf userspace supplies such a large metadata size in live packet mode,\nthe xdp_update_frame_from_buff() call in xdp_test_run_init_page() call\nwill fail, after which packet transmission proceeds with an\nuninitialised frame structure, leading to the usual Bad Stuff.\n\nThe commit in the Fixes tag fixed a related bug where the second check\nin xdp_update_frame_from_buff() could fail, but did not add any\nadditional constraints on the metadata size. Complete the fix by adding\nan additional check on the metadata size. Reorder the checks slightly to\nmake the logic clearer and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23140",
"url": "https://www.suse.com/security/cve/CVE-2026-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1258305 for CVE-2026-23140",
"url": "https://bugzilla.suse.com/1258305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23140"
},
{
"cve": "CVE-2026-23154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix segmentation of forwarding fraglist GRO\n\nThis patch enhances GSO segment handling by properly checking\nthe SKB_GSO_DODGY flag for frag_list GSO packets, addressing\nlow throughput issues observed when a station accesses IPv4\nservers via hotspots with an IPv6-only upstream interface.\n\nSpecifically, it fixes a bug in GSO segmentation when forwarding\nGRO packets containing a frag_list. The function skb_segment_list\ncannot correctly process GRO skbs that have been converted by XLAT,\nsince XLAT only translates the header of the head skb. Consequently,\nskbs in the frag_list may remain untranslated, resulting in protocol\ninconsistencies and reduced throughput.\n\nTo address this, the patch explicitly sets the SKB_GSO_DODGY flag\nfor GSO packets in XLAT\u0027s IPv4/IPv6 protocol translation helpers\n(bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO\npackets as potentially modified after protocol translation. As a\nresult, GSO segmentation will avoid using skb_segment_list and\ninstead falls back to skb_segment for packets with the SKB_GSO_DODGY\nflag. This ensures that only safe and fully translated frag_list\npackets are processed by skb_segment_list, resolving protocol\ninconsistencies and improving throughput when forwarding GRO packets\nconverted by XLAT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23154",
"url": "https://www.suse.com/security/cve/CVE-2026-23154"
},
{
"category": "external",
"summary": "SUSE Bug 1258286 for CVE-2026-23154",
"url": "https://bugzilla.suse.com/1258286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23154"
},
{
"cve": "CVE-2026-23157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not strictly require dirty metadata threshold for metadata writepages\n\n[BUG]\nThere is an internal report that over 1000 processes are\nwaiting at the io_schedule_timeout() of balance_dirty_pages(), causing\na system hang and trigger a kernel coredump.\n\nThe kernel is v6.4 kernel based, but the root problem still applies to\nany upstream kernel before v6.18.\n\n[CAUSE]\nFrom Jan Kara for his wisdom on the dirty page balance behavior first.\n\n This cgroup dirty limit was what was actually playing the role here\n because the cgroup had only a small amount of memory and so the dirty\n limit for it was something like 16MB.\n\n Dirty throttling is responsible for enforcing that nobody can dirty\n (significantly) more dirty memory than there\u0027s dirty limit. Thus when\n a task is dirtying pages it periodically enters into balance_dirty_pages()\n and we let it sleep there to slow down the dirtying.\n\n When the system is over dirty limit already (either globally or within\n a cgroup of the running task), we will not let the task exit from\n balance_dirty_pages() until the number of dirty pages drops below the\n limit.\n\n So in this particular case, as I already mentioned, there was a cgroup\n with relatively small amount of memory and as a result with dirty limit\n set at 16MB. A task from that cgroup has dirtied about 28MB worth of\n pages in btrfs btree inode and these were practically the only dirty\n pages in that cgroup.\n\nSo that means the only way to reduce the dirty pages of that cgroup is\nto writeback the dirty pages of btrfs btree inode, and only after that\nthose processes can exit balance_dirty_pages().\n\nNow back to the btrfs part, btree_writepages() is responsible for\nwriting back dirty btree inode pages.\n\nThe problem here is, there is a btrfs internal threshold that if the\nbtree inode\u0027s dirty bytes are below the 32M threshold, it will not\ndo any writeback.\n\nThis behavior is to batch as much metadata as possible so we won\u0027t write\nback those tree blocks and then later re-COW them again for another\nmodification.\n\nThis internal 32MiB is higher than the existing dirty page size (28MiB),\nmeaning no writeback will happen, causing a deadlock between btrfs and\ncgroup:\n\n- Btrfs doesn\u0027t want to write back btree inode until more dirty pages\n\n- Cgroup/MM doesn\u0027t want more dirty pages for btrfs btree inode\n Thus any process touching that btree inode is put into sleep until\n the number of dirty pages is reduced.\n\nThanks Jan Kara a lot for the analysis of the root cause.\n\n[ENHANCEMENT]\nSince kernel commit b55102826d7d (\"btrfs: set AS_KERNEL_FILE on the\nbtree_inode\"), btrfs btree inode pages will only be charged to the root\ncgroup which should have a much larger limit than btrfs\u0027 32MiB\nthreshold.\nSo it should not affect newer kernels.\n\nBut for all current LTS kernels, they are all affected by this problem,\nand backporting the whole AS_KERNEL_FILE may not be a good idea.\n\nEven for newer kernels I still think it\u0027s a good idea to get\nrid of the internal threshold at btree_writepages(), since for most cases\ncgroup/MM has a better view of full system memory usage than btrfs\u0027 fixed\nthreshold.\n\nFor internal callers using btrfs_btree_balance_dirty() since that\nfunction is already doing internal threshold check, we don\u0027t need to\nbother them.\n\nBut for external callers of btree_writepages(), just respect their\nrequests and write back whatever they want, ignoring the internal\nbtrfs threshold to avoid such deadlock on btree inode dirty page\nbalancing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23157",
"url": "https://www.suse.com/security/cve/CVE-2026-23157"
},
{
"category": "external",
"summary": "SUSE Bug 1258376 for CVE-2026-23157",
"url": "https://bugzilla.suse.com/1258376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23157"
},
{
"cve": "CVE-2026-23169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet-\u003elock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23169",
"url": "https://www.suse.com/security/cve/CVE-2026-23169"
},
{
"category": "external",
"summary": "SUSE Bug 1258389 for CVE-2026-23169",
"url": "https://bugzilla.suse.com/1258389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23169"
},
{
"cve": "CVE-2026-23187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23187",
"url": "https://www.suse.com/security/cve/CVE-2026-23187"
},
{
"category": "external",
"summary": "SUSE Bug 1258330 for CVE-2026-23187",
"url": "https://bugzilla.suse.com/1258330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23187"
},
{
"cve": "CVE-2026-23193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23193",
"url": "https://www.suse.com/security/cve/CVE-2026-23193"
},
{
"category": "external",
"summary": "SUSE Bug 1258414 for CVE-2026-23193",
"url": "https://bugzilla.suse.com/1258414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23193"
},
{
"cve": "CVE-2026-23201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix oops due to invalid pointer for kfree() in parse_longname()\n\nThis fixes a kernel oops when reading ceph snapshot directories (.snap),\nfor example by simply running `ls /mnt/my_ceph/.snap`.\n\nThe variable str is guarded by __free(kfree), but advanced by one for\nskipping the initial \u0027_\u0027 in snapshot names. Thus, kfree() is called\nwith an invalid pointer. This patch removes the need for advancing the\npointer so kfree() is called with correct memory pointer.\n\nSteps to reproduce:\n\n1. Create snapshots on a cephfs volume (I\u0027ve 63 snaps in my testcase)\n\n2. Add cephfs mount to fstab\n$ echo \"samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0\" \u003e\u003e /etc/fstab\n\n3. Reboot the system\n$ systemctl reboot\n\n4. Check if it\u0027s really mounted\n$ mount | grep stuff\n\n5. List snapshots (expected 63 snapshots on my system)\n$ ls /mnt/test/stuff/.snap\n\nNow ls hangs forever and the kernel log shows the oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23201",
"url": "https://www.suse.com/security/cve/CVE-2026-23201"
},
{
"category": "external",
"summary": "SUSE Bug 1258337 for CVE-2026-23201",
"url": "https://bugzilla.suse.com/1258337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23201"
},
{
"cve": "CVE-2026-23202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23202",
"url": "https://www.suse.com/security/cve/CVE-2026-23202"
},
{
"category": "external",
"summary": "SUSE Bug 1258338 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "external",
"summary": "SUSE Bug 1261033 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1261033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23202"
},
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer check in IRQ handler\n\nNow that all other accesses to curr_xfer are done under the lock,\nprotect the curr_xfer NULL check in tegra_qspi_isr_thread() with the\nspinlock. Without this protection, the following race can occur:\n\n CPU0 (ISR thread) CPU1 (timeout path)\n ---------------- -------------------\n if (!tqspi-\u003ecurr_xfer)\n // sees non-NULL\n spin_lock()\n tqspi-\u003ecurr_xfer = NULL\n spin_unlock()\n handle_*_xfer()\n spin_lock()\n t = tqspi-\u003ecurr_xfer // NULL!\n ... t-\u003elen ... // NULL dereference!\n\nWith this patch, all curr_xfer accesses are now properly synchronized.\n\nAlthough all accesses to curr_xfer are done under the lock, in\ntegra_qspi_isr_thread() it checks for NULL, releases the lock and\nreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().\nThere is a potential for an update in between, which could cause a NULL\npointer dereference.\n\nTo handle this, add a NULL check inside the handlers after acquiring\nthe lock. This ensures that if the timeout path has already cleared\ncurr_xfer, the handler will safely return without dereferencing the\nNULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23207",
"url": "https://www.suse.com/security/cve/CVE-2026-23207"
},
{
"category": "external",
"summary": "SUSE Bug 1258524 for CVE-2026-23207",
"url": "https://bugzilla.suse.com/1258524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23207"
},
{
"cve": "CVE-2026-23216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23216",
"url": "https://www.suse.com/security/cve/CVE-2026-23216"
},
{
"category": "external",
"summary": "SUSE Bug 1258447 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "external",
"summary": "SUSE Bug 1258448 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23216"
},
{
"cve": "CVE-2026-23231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23231",
"url": "https://www.suse.com/security/cve/CVE-2026-23231"
},
{
"category": "external",
"summary": "SUSE Bug 1259188 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "external",
"summary": "SUSE Bug 1259189 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23242",
"url": "https://www.suse.com/security/cve/CVE-2026-23242"
},
{
"category": "external",
"summary": "SUSE Bug 1259795 for CVE-2026-23242",
"url": "https://bugzilla.suse.com/1259795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23242"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23255",
"url": "https://www.suse.com/security/cve/CVE-2026-23255"
},
{
"category": "external",
"summary": "SUSE Bug 1259891 for CVE-2026-23255",
"url": "https://bugzilla.suse.com/1259891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23255"
},
{
"cve": "CVE-2026-23262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC\u0027s stats.\n\nWhen the number of queues is changed, the driver\u0027s stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23262",
"url": "https://www.suse.com/security/cve/CVE-2026-23262"
},
{
"category": "external",
"summary": "SUSE Bug 1259870 for CVE-2026-23262",
"url": "https://bugzilla.suse.com/1259870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23262"
},
{
"cve": "CVE-2026-23270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it\u0027s still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23270",
"url": "https://www.suse.com/security/cve/CVE-2026-23270"
},
{
"category": "external",
"summary": "SUSE Bug 1259886 for CVE-2026-23270",
"url": "https://bugzilla.suse.com/1259886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23270"
},
{
"cve": "CVE-2026-23272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23272",
"url": "https://www.suse.com/security/cve/CVE-2026-23272"
},
{
"category": "external",
"summary": "SUSE Bug 1260009 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "external",
"summary": "SUSE Bug 1260909 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23272"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n \u003cTASK\u003e\n ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n __gre_xmit (net/ipv4/ip_gre.c:478)\n gre_tap_xmit (net/ipv4/ip_gre.c:779)\n teql_master_xmit (net/sched/sch_teql.c:319)\n dev_hard_start_xmit (net/core/dev.c:3887)\n sch_direct_xmit (net/sched/sch_generic.c:347)\n __dev_queue_xmit (net/core/dev.c:4802)\n neigh_direct_output (net/core/neighbour.c:1660)\n ip_finish_output2 (net/ipv4/ip_output.c:237)\n __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n ip_mc_output (net/ipv4/ip_output.c:369)\n ip_send_skb (net/ipv4/ip_output.c:1508)\n udp_send_skb (net/ipv4/udp.c:1195)\n udp_sendmsg (net/ipv4/udp.c:1485)\n inet_sendmsg (net/ipv4/af_inet.c:859)\n __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23277",
"url": "https://www.suse.com/security/cve/CVE-2026-23277"
},
{
"category": "external",
"summary": "SUSE Bug 1259997 for CVE-2026-23277",
"url": "https://bugzilla.suse.com/1259997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23277"
},
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-23281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23281",
"url": "https://www.suse.com/security/cve/CVE-2026-23281"
},
{
"category": "external",
"summary": "SUSE Bug 1260464 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "external",
"summary": "SUSE Bug 1260466 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23281"
},
{
"cve": "CVE-2026-23292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store(). This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n down_read\n __configfs_open_file\n do_dentry_open\n vfs_open\n do_open\n path_openat\n do_filp_open\n file_open_name\n filp_open\n target_core_item_dbroot_store\n flush_write_buffer\n configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23292",
"url": "https://www.suse.com/security/cve/CVE-2026-23292"
},
{
"category": "external",
"summary": "SUSE Bug 1260500 for CVE-2026-23292",
"url": "https://bugzilla.suse.com/1260500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23292"
},
{
"cve": "CVE-2026-23293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n \u003cTASK\u003e\n vxlan_xmit+0x638/0x1ef0 [vxlan]\n dev_hard_start_xmit+0x9e/0x2e0\n __dev_queue_xmit+0xbee/0x14e0\n packet_sendmsg+0x116f/0x1930\n __sys_sendto+0x1f5/0x200\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x12f/0x1590\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23293",
"url": "https://www.suse.com/security/cve/CVE-2026-23293"
},
{
"category": "external",
"summary": "SUSE Bug 1260486 for CVE-2026-23293",
"url": "https://bugzilla.suse.com/1260486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23293"
},
{
"cve": "CVE-2026-23304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n Call Trace:\n ip6_pol_route (net/ipv6/route.c:2318)\n fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n ip6_route_output_flags (net/ipv6/route.c:2607)\n vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23304",
"url": "https://www.suse.com/security/cve/CVE-2026-23304"
},
{
"category": "external",
"summary": "SUSE Bug 1260544 for CVE-2026-23304",
"url": "https://bugzilla.suse.com/1260544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23304"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-23319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim\n\nThe root cause of this bug is that when \u0027bpf_link_put\u0027 reduces the\nrefcount of \u0027shim_link-\u003elink.link\u0027 to zero, the resource is considered\nreleased but may still be referenced via \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027cgroup_shim_find\u0027. The actual cleanup of \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027bpf_shim_tramp_link_release\u0027 is deferred. During this window, another\nprocess can cause a use-after-free via \u0027bpf_trampoline_link_cgroup_shim\u0027.\n\nBased on Martin KaFai Lau\u0027s suggestions, I have created a simple patch.\n\nTo fix this:\n Add an atomic non-zero check in \u0027bpf_trampoline_link_cgroup_shim\u0027.\n Only increment the refcount if it is not already zero.\n\nTesting:\n I verified the fix by adding a delay in\n \u0027bpf_shim_tramp_link_release\u0027 to make the bug easier to trigger:\n\nstatic void bpf_shim_tramp_link_release(struct bpf_link *link)\n{\n\t/* ... */\n\tif (!shim_link-\u003etrampoline)\n\t\treturn;\n\n+\tmsleep(100);\n\tWARN_ON_ONCE(bpf_trampoline_unlink_prog(\u0026shim_link-\u003elink,\n\t\tshim_link-\u003etrampoline, NULL));\n\tbpf_trampoline_put(shim_link-\u003etrampoline);\n}\n\nBefore the patch, running a PoC easily reproduced the crash(almost 100%)\nwith a call trace similar to KaiyanM\u0027s report.\nAfter the patch, the bug no longer occurs even after millions of\niterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23319",
"url": "https://www.suse.com/security/cve/CVE-2026-23319"
},
{
"category": "external",
"summary": "SUSE Bug 1260735 for CVE-2026-23319",
"url": "https://bugzilla.suse.com/1260735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23319"
},
{
"cve": "CVE-2026-23335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23335",
"url": "https://www.suse.com/security/cve/CVE-2026-23335"
},
{
"category": "external",
"summary": "SUSE Bug 1260550 for CVE-2026-23335",
"url": "https://bugzilla.suse.com/1260550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "low"
}
],
"title": "CVE-2026-23335"
},
{
"cve": "CVE-2026-23343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: produce a warning when calculated tailroom is negative\n\nMany ethernet drivers report xdp Rx queue frag size as being the same as\nDMA write size. However, the only user of this field, namely\nbpf_xdp_frags_increase_tail(), clearly expects a truesize.\n\nSuch difference leads to unspecific memory corruption issues under certain\ncircumstances, e.g. in ixgbevf maximum DMA write size is 3 KB, so when\nrunning xskxceiver\u0027s XDP_ADJUST_TAIL_GROW_MULTI_BUFF, 6K packet fully uses\nall DMA-writable space in 2 buffers. This would be fine, if only\nrxq-\u003efrag_size was properly set to 4K, but value of 3K results in a\nnegative tailroom, because there is a non-zero page offset.\n\nWe are supposed to return -EINVAL and be done with it in such case, but due\nto tailroom being stored as an unsigned int, it is reported to be somewhere\nnear UINT_MAX, resulting in a tail being grown, even if the requested\noffset is too much (it is around 2K in the abovementioned test). This later\nleads to all kinds of unspecific calltraces.\n\n[ 7340.337579] xskxceiver[1440]: segfault at 1da718 ip 00007f4161aeac9d sp 00007f41615a6a00 error 6\n[ 7340.338040] xskxceiver[1441]: segfault at 7f410000000b ip 00000000004042b5 sp 00007f415bffecf0 error 4\n[ 7340.338179] in libc.so.6[61c9d,7f4161aaf000+160000]\n[ 7340.339230] in xskxceiver[42b5,400000+69000]\n[ 7340.340300] likely on CPU 6 (core 0, socket 6)\n[ 7340.340302] Code: ff ff 01 e9 f4 fe ff ff 0f 1f 44 00 00 4c 39 f0 74 73 31 c0 ba 01 00 00 00 f0 0f b1 17 0f 85 ba 00 00 00 49 8b 87 88 00 00 00 \u003c4c\u003e 89 70 08 eb cc 0f 1f 44 00 00 48 8d bd f0 fe ff ff 89 85 ec fe\n[ 7340.340888] likely on CPU 3 (core 0, socket 3)\n[ 7340.345088] Code: 00 00 00 ba 00 00 00 00 be 00 00 00 00 89 c7 e8 31 ca ff ff 89 45 ec 8b 45 ec 85 c0 78 07 b8 00 00 00 00 eb 46 e8 0b c8 ff ff \u003c8b\u003e 00 83 f8 69 74 24 e8 ff c7 ff ff 8b 00 83 f8 0b 74 18 e8 f3 c7\n[ 7340.404334] Oops: general protection fault, probably for non-canonical address 0x6d255010bdffc: 0000 [#1] SMP NOPTI\n[ 7340.405972] CPU: 7 UID: 0 PID: 1439 Comm: xskxceiver Not tainted 6.19.0-rc1+ #21 PREEMPT(lazy)\n[ 7340.408006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 7340.409716] RIP: 0010:lookup_swap_cgroup_id+0x44/0x80\n[ 7340.410455] Code: 83 f8 1c 73 39 48 ba ff ff ff ff ff ff ff 03 48 8b 04 c5 20 55 fa bd 48 21 d1 48 89 ca 83 e1 01 48 d1 ea c1 e1 04 48 8d 04 90 \u003c8b\u003e 00 48 83 c4 10 d3 e8 c3 cc cc cc cc 31 c0 e9 98 b7 dd 00 48 89\n[ 7340.412787] RSP: 0018:ffffcc5c04f7f6d0 EFLAGS: 00010202\n[ 7340.413494] RAX: 0006d255010bdffc RBX: ffff891f477895a8 RCX: 0000000000000010\n[ 7340.414431] RDX: 0001c17e3fffffff RSI: 00fa070000000000 RDI: 000382fc7fffffff\n[ 7340.415354] RBP: 00fa070000000000 R08: ffffcc5c04f7f8f8 R09: ffffcc5c04f7f7d0\n[ 7340.416283] R10: ffff891f4c1a7000 R11: ffffcc5c04f7f9c8 R12: ffffcc5c04f7f7d0\n[ 7340.417218] R13: 03ffffffffffffff R14: 00fa06fffffffe00 R15: ffff891f47789500\n[ 7340.418229] FS: 0000000000000000(0000) GS:ffff891ffdfaa000(0000) knlGS:0000000000000000\n[ 7340.419489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7340.420286] CR2: 00007f415bfffd58 CR3: 0000000103f03002 CR4: 0000000000772ef0\n[ 7340.421237] PKRU: 55555554\n[ 7340.421623] Call Trace:\n[ 7340.421987] \u003cTASK\u003e\n[ 7340.422309] ? softleaf_from_pte+0x77/0xa0\n[ 7340.422855] swap_pte_batch+0xa7/0x290\n[ 7340.423363] zap_nonpresent_ptes.constprop.0.isra.0+0xd1/0x270\n[ 7340.424102] zap_pte_range+0x281/0x580\n[ 7340.424607] zap_pmd_range.isra.0+0xc9/0x240\n[ 7340.425177] unmap_page_range+0x24d/0x420\n[ 7340.425714] unmap_vmas+0xa1/0x180\n[ 7340.426185] exit_mmap+0xe1/0x3b0\n[ 7340.426644] __mmput+0x41/0x150\n[ 7340.427098] exit_mm+0xb1/0x110\n[ 7340.427539] do_exit+0x1b2/0x460\n[ 7340.427992] do_group_exit+0x2d/0xc0\n[ 7340.428477] get_signal+0x79d/0x7e0\n[ 7340.428957] arch_do_signal_or_restart+0x34/0x100\n[ 7340.429571] exit_to_user_mode_loop+0x8e/0x4c0\n[ 7340.430159] do_syscall_64+0x188/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23343",
"url": "https://www.suse.com/security/cve/CVE-2026-23343"
},
{
"category": "external",
"summary": "SUSE Bug 1260527 for CVE-2026-23343",
"url": "https://bugzilla.suse.com/1260527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23343"
},
{
"cve": "CVE-2026-23361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction. There\u0027s no completion for posted writes, so the writel() may\nreturn before the PCI write completes. dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n arm-smmu-v3 fc900000.iommu: 0x0000010000000010\n arm-smmu-v3 fc900000.iommu: 0x0000020000000000\n arm-smmu-v3 fc900000.iommu: 0x000000090000f040\n arm-smmu-v3 fc900000.iommu: 0x0000000000000000\n arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can\u0027t do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23361",
"url": "https://www.suse.com/security/cve/CVE-2026-23361"
},
{
"category": "external",
"summary": "SUSE Bug 1260732 for CVE-2026-23361",
"url": "https://bugzilla.suse.com/1260732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23361"
},
{
"cve": "CVE-2026-23379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class\u0027 WRR weight: this is done by\naveraging over the sums of quanta as \u0027q_sum\u0027 and \u0027q_psum\u0027. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G E 6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ets_qdisc_change+0x870/0xf40 [sch_ets]\n qdisc_create+0x12b/0x540\n tc_modify_qdisc+0x6d7/0xbd0\n rtnetlink_rcv_msg+0x168/0x6b0\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x1d6/0x2b0\n netlink_sendmsg+0x22e/0x470\n ____sys_sendmsg+0x38a/0x3c0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x111/0xf80\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for \u0027q_sum\u0027 and \u0027q_psum\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23379",
"url": "https://www.suse.com/security/cve/CVE-2026-23379"
},
{
"category": "external",
"summary": "SUSE Bug 1260481 for CVE-2026-23379",
"url": "https://bugzilla.suse.com/1260481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23379"
},
{
"cve": "CVE-2026-23381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n \u003cIRQ\u003e\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23381",
"url": "https://www.suse.com/security/cve/CVE-2026-23381"
},
{
"category": "external",
"summary": "SUSE Bug 1260471 for CVE-2026-23381",
"url": "https://bugzilla.suse.com/1260471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23381"
},
{
"cve": "CVE-2026-23383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing\n\nstruct bpf_plt contains a u64 target field. Currently, the BPF JIT\nallocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT\nbuffer.\n\nBecause the base address of the JIT buffer can be 4-byte aligned (e.g.,\nending in 0x4 or 0xc), the relative padding logic in build_plt() fails\nto ensure that target lands on an 8-byte boundary.\n\nThis leads to two issues:\n1. UBSAN reports misaligned-access warnings when dereferencing the\n structure.\n2. More critically, target is updated concurrently via WRITE_ONCE() in\n bpf_arch_text_poke() while the JIT\u0027d code executes ldr. On arm64,\n 64-bit loads/stores are only guaranteed to be single-copy atomic if\n they are 64-bit aligned. A misaligned target risks a torn read,\n causing the JIT to jump to a corrupted address.\n\nFix this by increasing the allocation alignment requirement to 8 bytes\n(sizeof(u64)) in bpf_jit_binary_pack_alloc(). This anchors the base of\nthe JIT buffer to an 8-byte boundary, allowing the relative padding math\nin build_plt() to correctly align the target field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23383",
"url": "https://www.suse.com/security/cve/CVE-2026-23383"
},
{
"category": "external",
"summary": "SUSE Bug 1260497 for CVE-2026-23383",
"url": "https://bugzilla.suse.com/1260497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23383"
},
{
"cve": "CVE-2026-23386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL\n\nIn DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA\nbuffer cleanup path. It iterates num_bufs times and attempts to unmap\nentries in the dma array.\n\nThis leads to two issues:\n1. The dma array shares storage with tx_qpl_buf_ids (union).\n Interpreting buffer IDs as DMA addresses results in attempting to\n unmap incorrect memory locations.\n2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed\n the size of the dma array, causing out-of-bounds access warnings\n(trace below is how we noticed this issue).\n\nUBSAN: array-index-out-of-bounds in\ndrivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of\nrange for type \u0027dma_addr_t[18]\u0027 (aka \u0027unsigned long long[18]\u0027)\nWorkqueue: gve gve_service_task [gve]\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x33/0xa0\n__ubsan_handle_out_of_bounds+0xdc/0x110\ngve_tx_stop_ring_dqo+0x182/0x200 [gve]\ngve_close+0x1be/0x450 [gve]\ngve_reset+0x99/0x120 [gve]\ngve_service_task+0x61/0x100 [gve]\nprocess_scheduled_works+0x1e9/0x380\n\nFix this by properly checking for QPL mode and delegating to\ngve_free_tx_qpl_bufs() to reclaim the buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23386",
"url": "https://www.suse.com/security/cve/CVE-2026-23386"
},
{
"category": "external",
"summary": "SUSE Bug 1260799 for CVE-2026-23386",
"url": "https://bugzilla.suse.com/1260799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23386"
},
{
"cve": "CVE-2026-23395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ\n\nCurrently the code attempts to accept requests regardless of the\ncommand identifier which may cause multiple requests to be marked\nas pending (FLAG_DEFER_SETUP) which can cause more than\nL2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer\ncausing an overflow.\n\nThe spec is quite clear that the same identifier shall not be used on\nsubsequent requests:\n\n\u0027Within each signaling channel a different Identifier shall be used\nfor each successive request or indication.\u0027\nhttps://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-62/out/en/host/logical-link-control-and-adaptation-protocol-specification.html#UUID-32a25a06-4aa4-c6c7-77c5-dcfe3682355d\n\nSo this attempts to check if there are any channels pending with the\nsame identifier and rejects if any are found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23395",
"url": "https://www.suse.com/security/cve/CVE-2026-23395"
},
{
"category": "external",
"summary": "SUSE Bug 1260580 for CVE-2026-23395",
"url": "https://bugzilla.suse.com/1260580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23395"
},
{
"cve": "CVE-2026-23398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23398"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n \u003cIRQ\u003e\n icmp_rcv (net/ipv4/icmp.c:1527)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n ip_local_deliver (net/ipv4/ip_input.c:262)\n ip_rcv (net/ipv4/ip_input.c:573)\n __netif_receive_skb_one_core (net/core/dev.c:6164)\n process_backlog (net/core/dev.c:6628)\n handle_softirqs (kernel/softirq.c:561)\n \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23398",
"url": "https://www.suse.com/security/cve/CVE-2026-23398"
},
{
"category": "external",
"summary": "SUSE Bug 1260730 for CVE-2026-23398",
"url": "https://bugzilla.suse.com/1260730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23398"
},
{
"cve": "CVE-2026-23412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: defer hook memory release until rcu readers are done\n\nYiming Qian reports UaF when concurrent process is dumping hooks via\nnfnetlink_hooks:\n\nBUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0\nRead of size 8 at addr ffff888003edbf88 by task poc/79\nCall Trace:\n \u003cTASK\u003e\n nfnl_hook_dump_one.isra.0+0xe71/0x10f0\n netlink_dump+0x554/0x12b0\n nfnl_hook_get+0x176/0x230\n [..]\n\nDefer release until after concurrent readers have completed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23412",
"url": "https://www.suse.com/security/cve/CVE-2026-23412"
},
{
"category": "external",
"summary": "SUSE Bug 1261412 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "external",
"summary": "SUSE Bug 1261579 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-23412"
},
{
"cve": "CVE-2026-23413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclsact: Fix use-after-free in init/destroy rollback asymmetry\n\nFix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry.\nThe latter is achieved by first fully initializing a clsact instance, and\nthen in a second step having a replacement failure for the new clsact qdisc\ninstance. clsact_init() initializes ingress first and then takes care of the\negress part. This can fail midway, for example, via tcf_block_get_ext(). Upon\nfailure, the kernel will trigger the clsact_destroy() callback.\n\nCommit 1cb6f0bae504 (\"bpf: Fix too early release of tcx_entry\") details the\nway how the transition is happening. If tcf_block_get_ext on the q-\u003eingress_block\nends up failing, we took the tcx_miniq_inc reference count on the ingress\nside, but not yet on the egress side. clsact_destroy() tests whether the\n{ingress,egress}_entry was non-NULL. However, even in midway failure on the\nreplacement, both are in fact non-NULL with a valid egress_entry from the\nprevious clsact instance.\n\nWhat we really need to test for is whether the qdisc instance-specific ingress\nor egress side previously got initialized. This adds a small helper for checking\nthe miniq initialization called mini_qdisc_pair_inited, and utilizes that upon\nclsact_destroy() in order to fix the use-after-free scenario. Convert the\ningress_destroy() side as well so both are consistent to each other.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23413",
"url": "https://www.suse.com/security/cve/CVE-2026-23413"
},
{
"category": "external",
"summary": "SUSE Bug 1261498 for CVE-2026-23413",
"url": "https://bugzilla.suse.com/1261498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23413"
},
{
"cve": "CVE-2026-23414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(\u0026ctx-\u003easync_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg\u0027s drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23414",
"url": "https://www.suse.com/security/cve/CVE-2026-23414"
},
{
"category": "external",
"summary": "SUSE Bug 1261496 for CVE-2026-23414",
"url": "https://bugzilla.suse.com/1261496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23414"
},
{
"cve": "CVE-2026-23419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix circular locking dependency in rds_tcp_tune\n\nsyzbot reported a circular locking dependency in rds_tcp_tune() where\nsk_net_refcnt_upgrade() is called while holding the socket lock:\n\n======================================================\nWARNING: possible circular locking dependency detected\n======================================================\nkworker/u10:8/15040 is trying to acquire lock:\nffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},\nat: __kmalloc_cache_noprof+0x4b/0x6f0\n\nbut task is already holding lock:\nffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},\nat: rds_tcp_tune+0xd7/0x930\n\nThe issue occurs because sk_net_refcnt_upgrade() performs memory\nallocation (via get_net_track() -\u003e ref_tracker_alloc()) while the\nsocket lock is held, creating a circular dependency with fs_reclaim.\n\nFix this by moving sk_net_refcnt_upgrade() outside the socket lock\ncritical section. This is safe because the fields modified by the\nsk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not\naccessed by any concurrent code path at this point.\n\nv2:\n - Corrected fixes tag\n - check patch line wrap nits\n - ai commentary nits",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23419",
"url": "https://www.suse.com/security/cve/CVE-2026-23419"
},
{
"category": "external",
"summary": "SUSE Bug 1261507 for CVE-2026-23419",
"url": "https://bugzilla.suse.com/1261507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "moderate"
}
],
"title": "CVE-2026-23419"
},
{
"cve": "CVE-2026-31788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn\u0027t ready yet (Jan Beulich)\n- wait in open() if target domain isn\u0027t known yet\n- issue message in case no target domain found (Jan Beulich)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31788",
"url": "https://www.suse.com/security/cve/CVE-2026-31788"
},
{
"category": "external",
"summary": "SUSE Bug 1259707 for CVE-2026-31788",
"url": "https://bugzilla.suse.com/1259707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-devel-rt-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.1:kernel-rt-devel-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-rt-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.1:kernel-source-rt-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-17T15:00:24Z",
"details": "important"
}
],
"title": "CVE-2026-31788"
}
]
}
SUSE-SU-2026:21123-1
Vulnerability from csaf_suse - Published: 2026-04-13 18:28 - Updated: 2026-04-13 18:28Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
(bsc#1253455).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).
- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).
- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).
- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).
- CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682).
- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).
- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).
- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non-security bugs were fixed:
- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).
- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).
- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).
- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).
- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).
- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).
- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).
- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).
- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).
- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).
- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).
- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).
- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).
- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).
- ASoC: Intel: catpt: Fix the device initialization (git-fixes).
- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).
- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).
- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).
- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).
- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).
- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).
- ASoC: detect empty DMI strings (git-fixes).
- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).
- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).
- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).
- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).
- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).
- Bluetooth: HIDP: Fix possible UAF (git-fixes).
- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).
- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).
- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).
- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).
- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).
- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes).
- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).
- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).
- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).
- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).
- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).
- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).
- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).
- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).
- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).
- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).
- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).
- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).
- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).
- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).
- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).
- Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
- Drivers: hv: remove stale comment (git-fixes).
- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).
- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).
- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).
- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).
- HID: mcp2221: cancel last I2C command on read error (stable-fixes).
- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).
- NFC: pn533: bound the UART receive buffer (git-fixes).
- PCI: Update BAR # and window messages (stable-fixes).
- PCI: hv: Correct a comment (git-fixes).
- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
- PM: runtime: Fix a race condition related to device removal (git-fixes).
- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
- RDMA/mana_ib: Add device statistics support (git-fixes).
- RDMA/mana_ib: Add device-memory support (git-fixes).
- RDMA/mana_ib: Add port statistics support (git-fixes).
- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
- RDMA/mana_ib: Create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
- RDMA/mana_ib: Extend modify QP (git-fixes).
- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
- RDMA/mana_ib: Fix error code in probe() (git-fixes).
- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
- RDMA/mana_ib: Fix missing ret value (git-fixes).
- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
- RDMA/mana_ib: Implement port parameters (git-fixes).
- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
- RDMA/mana_ib: Modify QP state (git-fixes).
- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
- RDMA/mana_ib: Set correct device into ib (git-fixes).
- RDMA/mana_ib: Take CQ type from the device type (git-fixes).
- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
- RDMA/mana_ib: UD/GSI work requests (git-fixes).
- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
- RDMA/mana_ib: add additional port counters (bsc#1251135).
- RDMA/mana_ib: add support of multiple ports (bsc#1251135).
- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
- RDMA/mana_ib: create kernel-level CQs (git-fixes).
- RDMA/mana_ib: create/destroy AH (git-fixes).
- RDMA/mana_ib: extend mana QP table (git-fixes).
- RDMA/mana_ib: extend query device (git-fixes).
- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
- RDMA/mana_ib: implement get_dma_mr (git-fixes).
- RDMA/mana_ib: implement req_notify_cq (git-fixes).
- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
- RDMA/mana_ib: indicate CM support (git-fixes).
- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
- RDMA/mana_ib: request error CQEs when supported (git-fixes).
- RDMA/mana_ib: set node_guid (git-fixes).
- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
- Remove "scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans" changes (bsc#1257506).
- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).
- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).
- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).
- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).
- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).
- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).
- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).
- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).
- bonding: do not set usable_slaves for broadcast mode (git-fixes).
- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).
- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- can: bcm: fix locking for bcm_op runtime updates (git-fixes).
- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).
- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).
- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).
- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).
- can: ucan: Fix infinite loop from zero-length messages (git-fixes).
- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).
- comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes).
- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).
- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).
- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).
- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).
- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).
- crypto: caam - fix overflow on long hmac keys (git-fixes).
- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).
- dmaengine: idxd: Fix leaking event log memory (git-fixes).
- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).
- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).
- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).
- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).
- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).
- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).
- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).
- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).
- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).
- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).
- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).
- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).
- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).
- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).
- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).
- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).
- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).
- drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes).
- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).
- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).
- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).
- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).
- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).
- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).
- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).
- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).
- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).
- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).
- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).
- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).
- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).
- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).
- hwmon: (it87) Check the it87_lock() return value (git-fixes).
- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).
- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).
- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).
- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).
- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).
- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).
- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).
- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).
- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).
- hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).
- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).
- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).
- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).
- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).
- idpf: nullify pointers after they are freed (git-fixes).
- iio: accel: fix ADXL355 temperature signature value (git-fixes).
- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).
- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).
- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).
- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).
- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).
- iio: dac: ds4424: reject -128 RAW value (git-fixes).
- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).
- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).
- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).
- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).
- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).
- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).
- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).
- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).
- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).
- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).
- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).
- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).
- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).
- media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes).
- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).
- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).
- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).
- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).
- misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes).
- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).
- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).
- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).
- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).
- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).
- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).
- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).
- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).
- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).
- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).
- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).
- net/x25: Fix overflow when accumulating packets (git-fixes).
- net/x25: Fix potential double free of skb (git-fixes).
- net: mana: Add metadata support for xdp mode (git-fixes).
- net: mana: Add standard counter rx_missed_errors (git-fixes).
- net: mana: Add support for auxiliary device servicing events (bsc#1251971).
- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
- net: mana: Fix use-after-free in reset service rescan path (git-fixes).
- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
- net: mana: Handle unsupported HWC commands (git-fixes).
- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
- net: mana: Probe rdma device in mana driver (git-fixes).
- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
- net: mana: Support HW link state events (bsc#1253049).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
- net: mana: fix use-after-free in add_adev() error path (git-fixes).
- net: mana: use ethtool string helpers (git-fixes).
- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).
- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).
- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).
- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).
- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).
- net: usb: pegasus: validate USB endpoints (stable-fixes).
- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).
- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).
- nfc: nci: free skb on nci_transceive early error paths (git-fixes).
- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).
- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).
- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).
- pinctrl: equilibrium: fix warning trace on load (git-fixes).
- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).
- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).
- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).
- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).
- platform/x86: ISST: Correct locked bit width (git-fixes).
- platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).
- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).
- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).
- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).
- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).
- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).
- regmap: Synchronize cache for the page selector (git-fixes).
- regulator: pca9450: Correct interrupt type (git-fixes).
- regulator: pca9450: Make IRQ optional (stable-fixes).
- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).
- rename Hyper-v patch files to simplify further SP6-SP7 merges
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
- scsi: storvsc: Remove redundant ternary operators (git-fixes).
- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).
- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).
- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).
- serial: 8250: Fix TX deadlock when using DMA (git-fixes).
- serial: 8250_pci: add support for the AX99100 (stable-fixes).
- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).
- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).
- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).
- spi: fix statistics allocation (git-fixes).
- spi: fix use-after-free on controller registration failure (git-fixes).
- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).
- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).
- tools/hv: add a .gitignore file (git-fixes).
- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).
- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).
- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).
- usb: cdns3: fix role switching during resume (git-fixes).
- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).
- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).
- usb: cdns3: remove redundant if branch (stable-fixes).
- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).
- usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).
- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).
- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).
- usb: ehci-brcm: fix sleep during atomic (git-fixes).
- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).
- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).
- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).
- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).
- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).
- usb: image: mdc800: kill download URB on timeout (stable-fixes).
- usb: mdc800: handle signal and read racing (stable-fixes).
- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).
- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).
- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).
- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).
- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).
- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).
- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).
- usb: yurex: fix race in probe (stable-fixes).
- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).
- wifi: cw1200: Fix locking in error paths (git-fixes).
- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).
- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).
- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).
- wifi: mac80211: set default WMM parameters on all links (stable-fixes).
- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).
- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).
- wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).
- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).
- wifi: wlcore: Fix a locking bug (git-fixes).
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).
Patchnames: SUSE-SLE-Micro-6.0-kernel-340
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).\n- CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).\n- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).\n- CVE-2025-40201: kernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths\n (bsc#1253455).\n- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).\n- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).\n- CVE-2025-71125: tracing: Do not register unsupported perf events (bsc#1256784).\n- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).\n- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).\n- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).\n- CVE-2026-23047: libceph: make calc_target() set t-\u003epaused, not just clear it (bsc#1257682).\n- CVE-2026-23069: vsock/virtio: fix potential underflow in virtio_transport_get_credit() (bsc#1257755).\n- CVE-2026-23088: tracing: Fix crash on synthetic stacktrace field usage (bsc#1257814).\n- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).\n- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).\n- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).\n- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).\n- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).\n- CVE-2026-23154: net: fix segmentation of forwarding fraglist GRO (bsc#1258286).\n- CVE-2026-23169: mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (bsc#1258389).\n- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains (bsc#1258330).\n- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).\n- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).\n- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).\n- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).\n- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).\n- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).\n- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).\n- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).\n- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).\n- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion (bsc#1260009).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).\n- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).\n- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).\n- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).\n- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).\n- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).\n- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).\n- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).\n- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).\n- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).\n- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).\n- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).\n- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).\n- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).\n- CVE-2026-23395: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (bsc#1260580).\n- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).\n- CVE-2026-23412: netfilter: bpf: defer hook memory release until rcu readers are done (bsc#1261412).\n- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).\n- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).\n- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).\n- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).\n\nThe following non-security bugs were fixed:\n\n- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).\n- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).\n- ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (git-fixes).\n- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).\n- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).\n- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).\n- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).\n- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).\n- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).\n- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).\n- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).\n- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).\n- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).\n- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).\n- ASoC: Intel: catpt: Fix the device initialization (git-fixes).\n- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).\n- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).\n- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).\n- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).\n- ASoC: detect empty DMI strings (git-fixes).\n- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).\n- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).\n- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).\n- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).\n- Bluetooth: HIDP: Fix possible UAF (git-fixes).\n- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).\n- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).\n- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).\n- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).\n- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).\n- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).\n- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if received packet\u0027s SDU exceeds IMTU (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).\n- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).\n- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).\n- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).\n- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).\n- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).\n- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).\n- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).\n- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).\n- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).\n- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).\n- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).\n- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).\n- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).\n- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).\n- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).\n- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).\n- Drivers: hv: fix missing kernel-doc description for \u0027size\u0027 in request_arr_init() (git-fixes).\n- Drivers: hv: remove stale comment (git-fixes).\n- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).\n- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).\n- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).\n- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).\n- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).\n- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).\n- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).\n- HID: mcp2221: cancel last I2C command on read error (stable-fixes).\n- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).\n- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).\n- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).\n- NFC: pn533: bound the UART receive buffer (git-fixes).\n- PCI: Update BAR # and window messages (stable-fixes).\n- PCI: hv: Correct a comment (git-fixes).\n- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).\n- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).\n- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).\n- PM: runtime: Fix a race condition related to device removal (git-fixes).\n- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).\n- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).\n- RDMA/mana_ib: Add device statistics support (git-fixes).\n- RDMA/mana_ib: Add device-memory support (git-fixes).\n- RDMA/mana_ib: Add port statistics support (git-fixes).\n- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).\n- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).\n- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).\n- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).\n- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).\n- RDMA/mana_ib: Create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).\n- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).\n- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).\n- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).\n- RDMA/mana_ib: Extend modify QP (git-fixes).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: Fix error code in probe() (git-fixes).\n- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).\n- RDMA/mana_ib: Fix missing ret value (git-fixes).\n- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).\n- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).\n- RDMA/mana_ib: Implement port parameters (git-fixes).\n- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).\n- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).\n- RDMA/mana_ib: Modify QP state (git-fixes).\n- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).\n- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).\n- RDMA/mana_ib: Set correct device into ib (git-fixes).\n- RDMA/mana_ib: Take CQ type from the device type (git-fixes).\n- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).\n- RDMA/mana_ib: UD/GSI work requests (git-fixes).\n- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).\n- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).\n- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).\n- RDMA/mana_ib: add additional port counters (bsc#1251135).\n- RDMA/mana_ib: add support of multiple ports (bsc#1251135).\n- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).\n- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).\n- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).\n- RDMA/mana_ib: create kernel-level CQs (git-fixes).\n- RDMA/mana_ib: create/destroy AH (git-fixes).\n- RDMA/mana_ib: extend mana QP table (git-fixes).\n- RDMA/mana_ib: extend query device (git-fixes).\n- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).\n- RDMA/mana_ib: implement get_dma_mr (git-fixes).\n- RDMA/mana_ib: implement req_notify_cq (git-fixes).\n- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).\n- RDMA/mana_ib: indicate CM support (git-fixes).\n- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).\n- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).\n- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).\n- RDMA/mana_ib: request error CQEs when supported (git-fixes).\n- RDMA/mana_ib: set node_guid (git-fixes).\n- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).\n- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).\n- Remove \"scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans\" changes (bsc#1257506).\n- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).\n- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).\n- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).\n- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).\n- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).\n- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).\n- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).\n- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).\n- apparmor: fix race on rawdata dereference (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n- batman-adv: Avoid double-rtnl_lock ELP metric worker (git-fixes).\n- bonding: do not set usable_slaves for broadcast mode (git-fixes).\n- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).\n- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).\n- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).\n- can: bcm: fix locking for bcm_op runtime updates (git-fixes).\n- can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (git-fixes).\n- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).\n- can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (git-fixes).\n- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).\n- can: mcp251x: fix deadlock in error path of mcp251x_open (git-fixes).\n- can: ucan: Fix infinite loop from zero-length messages (git-fixes).\n- can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (git-fixes).\n- comedi: Reinit dev-\u003espinlock between attachments to low-level drivers (git-fixes).\n- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).\n- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).\n- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).\n- crypto: caam - fix overflow on long hmac keys (git-fixes).\n- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).\n- dmaengine: idxd: Fix leaking event log memory (git-fixes).\n- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).\n- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).\n- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).\n- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).\n- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).\n- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).\n- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).\n- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).\n- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).\n- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).\n- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).\n- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).\n- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).\n- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).\n- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).\n- drm/i915/dp: Use crtc_state-\u003eenhanced_framing properly on ivb/hsw CPU eDP (git-fixes).\n- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).\n- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).\n- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).\n- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).\n- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).\n- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).\n- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/sched: Fix kernel-doc warning for drm_sched_job_done() (git-fixes).\n- drm/solomon: Fix page start when updating rectangle in page addressing mode (git-fixes).\n- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).\n- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).\n- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).\n- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).\n- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).\n- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).\n- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).\n- hwmon: (it87) Check the it87_lock() return value (git-fixes).\n- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).\n- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).\n- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).\n- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).\n- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).\n- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).\n- hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (git-fixes).\n- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).\n- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).\n- hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).\n- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).\n- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).\n- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).\n- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).\n- idpf: nullify pointers after they are freed (git-fixes).\n- iio: accel: fix ADXL355 temperature signature value (git-fixes).\n- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).\n- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).\n- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).\n- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).\n- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).\n- iio: dac: ds4424: reject -128 RAW value (git-fixes).\n- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).\n- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).\n- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).\n- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).\n- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).\n- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).\n- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).\n- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).\n- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).\n- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).\n- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).\n- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).\n- media: tegra-video: Use accessors for pad config \u0027try_*\u0027 fields (stable-fixes).\n- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).\n- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).\n- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).\n- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).\n- misc: fastrpc: possible double-free of cctx-\u003eremote_heap (git-fixes).\n- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).\n- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).\n- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).\n- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).\n- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).\n- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).\n- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).\n- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).\n- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).\n- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).\n- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).\n- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).\n- net/x25: Fix overflow when accumulating packets (git-fixes).\n- net/x25: Fix potential double free of skb (git-fixes).\n- net: mana: Add metadata support for xdp mode (git-fixes).\n- net: mana: Add standard counter rx_missed_errors (git-fixes).\n- net: mana: Add support for auxiliary device servicing events (bsc#1251971).\n- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).\n- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).\n- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).\n- net: mana: Fix use-after-free in reset service rescan path (git-fixes).\n- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).\n- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).\n- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).\n- net: mana: Handle unsupported HWC commands (git-fixes).\n- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).\n- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).\n- net: mana: Probe rdma device in mana driver (git-fixes).\n- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).\n- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).\n- net: mana: Support HW link state events (bsc#1253049).\n- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).\n- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mana: fix use-after-free in add_adev() error path (git-fixes).\n- net: mana: use ethtool string helpers (git-fixes).\n- net: nfc: nci: Fix zero-length proprietary notifications (git-fixes).\n- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).\n- net: usb: lan78xx: fix TX byte statistics for small packets (git-fixes).\n- net: usb: lan78xx: fix silent drop of packets with checksum errors (git-fixes).\n- net: usb: pegasus: validate USB endpoints (stable-fixes).\n- nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (git-fixes).\n- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).\n- nfc: nci: free skb on nci_transceive early error paths (git-fixes).\n- nfc: rawsock: cancel tx_work before socket teardown (git-fixes).\n- nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (git-fixes).\n- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).\n- pinctrl: equilibrium: fix warning trace on load (git-fixes).\n- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).\n- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).\n- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).\n- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).\n- platform/x86: ISST: Correct locked bit width (git-fixes).\n- platform/x86: dell-wmi-sysman: Do not hex dump plaintext password data (git-fixes).\n- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).\n- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).\n- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).\n- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).\n- qmi_wwan: allow max_mtu above hard_mtu to control rx_urb_size (git-fixes).\n- regmap: Synchronize cache for the page selector (git-fixes).\n- regulator: pca9450: Correct interrupt type (git-fixes).\n- regulator: pca9450: Make IRQ optional (stable-fixes).\n- remoteproc: sysmon: Correct subsys_name_len type in QMI request (git-fixes).\n- rename Hyper-v patch files to simplify further SP6-SP7 merges\n- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).\n- scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).\n- scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).\n- scsi: storvsc: Remove redundant ternary operators (git-fixes).\n- selftests/powerpc: Re-order *FLAGS to follow lib.mk (bsc#1261669).\n- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669).\n- selftests/powerpc: make sub-folders buildable on their own (bsc#1261669).\n- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).\n- serial: 8250: Fix TX deadlock when using DMA (git-fixes).\n- serial: 8250_pci: add support for the AX99100 (stable-fixes).\n- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).\n- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).\n- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).\n- spi: fix statistics allocation (git-fixes).\n- spi: fix use-after-free on controller registration failure (git-fixes).\n- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).\n- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).\n- tg3: Fix race for querying speed/duplex (bsc#1257183).\n- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).\n- tools/hv: add a .gitignore file (git-fixes).\n- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).\n- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).\n- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).\n- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).\n- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).\n- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).\n- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).\n- usb: cdns3: fix role switching during resume (git-fixes).\n- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).\n- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).\n- usb: cdns3: remove redundant if branch (stable-fixes).\n- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).\n- usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).\n- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).\n- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).\n- usb: ehci-brcm: fix sleep during atomic (git-fixes).\n- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).\n- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).\n- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).\n- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).\n- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).\n- usb: image: mdc800: kill download URB on timeout (stable-fixes).\n- usb: mdc800: handle signal and read racing (stable-fixes).\n- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).\n- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).\n- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).\n- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).\n- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).\n- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).\n- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).\n- usb: yurex: fix race in probe (stable-fixes).\n- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).\n- wifi: cw1200: Fix locking in error paths (git-fixes).\n- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).\n- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).\n- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).\n- wifi: mac80211: set default WMM parameters on all links (stable-fixes).\n- wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (git-fixes).\n- wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (git-fixes).\n- wifi: rsi: Do not default to -EOPNOTSUPP in rsi_mac80211_config (git-fixes).\n- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).\n- wifi: wlcore: Fix a locking bug (git-fixes).\n- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).\n- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).\n- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-340",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21123-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621123-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21123-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-April/025421.html"
},
{
"category": "self",
"summary": "SUSE Bug 1226591",
"url": "https://bugzilla.suse.com/1226591"
},
{
"category": "self",
"summary": "SUSE Bug 1245728",
"url": "https://bugzilla.suse.com/1245728"
},
{
"category": "self",
"summary": "SUSE Bug 1249998",
"url": "https://bugzilla.suse.com/1249998"
},
{
"category": "self",
"summary": "SUSE Bug 1251135",
"url": "https://bugzilla.suse.com/1251135"
},
{
"category": "self",
"summary": "SUSE Bug 1251186",
"url": "https://bugzilla.suse.com/1251186"
},
{
"category": "self",
"summary": "SUSE Bug 1251971",
"url": "https://bugzilla.suse.com/1251971"
},
{
"category": "self",
"summary": "SUSE Bug 1252073",
"url": "https://bugzilla.suse.com/1252073"
},
{
"category": "self",
"summary": "SUSE Bug 1252266",
"url": "https://bugzilla.suse.com/1252266"
},
{
"category": "self",
"summary": "SUSE Bug 1253049",
"url": "https://bugzilla.suse.com/1253049"
},
{
"category": "self",
"summary": "SUSE Bug 1253455",
"url": "https://bugzilla.suse.com/1253455"
},
{
"category": "self",
"summary": "SUSE Bug 1254306",
"url": "https://bugzilla.suse.com/1254306"
},
{
"category": "self",
"summary": "SUSE Bug 1255084",
"url": "https://bugzilla.suse.com/1255084"
},
{
"category": "self",
"summary": "SUSE Bug 1256645",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "self",
"summary": "SUSE Bug 1256647",
"url": "https://bugzilla.suse.com/1256647"
},
{
"category": "self",
"summary": "SUSE Bug 1256690",
"url": "https://bugzilla.suse.com/1256690"
},
{
"category": "self",
"summary": "SUSE Bug 1256784",
"url": "https://bugzilla.suse.com/1256784"
},
{
"category": "self",
"summary": "SUSE Bug 1257183",
"url": "https://bugzilla.suse.com/1257183"
},
{
"category": "self",
"summary": "SUSE Bug 1257466",
"url": "https://bugzilla.suse.com/1257466"
},
{
"category": "self",
"summary": "SUSE Bug 1257472",
"url": "https://bugzilla.suse.com/1257472"
},
{
"category": "self",
"summary": "SUSE Bug 1257473",
"url": "https://bugzilla.suse.com/1257473"
},
{
"category": "self",
"summary": "SUSE Bug 1257506",
"url": "https://bugzilla.suse.com/1257506"
},
{
"category": "self",
"summary": "SUSE Bug 1257561",
"url": "https://bugzilla.suse.com/1257561"
},
{
"category": "self",
"summary": "SUSE Bug 1257682",
"url": "https://bugzilla.suse.com/1257682"
},
{
"category": "self",
"summary": "SUSE Bug 1257732",
"url": "https://bugzilla.suse.com/1257732"
},
{
"category": "self",
"summary": "SUSE Bug 1257755",
"url": "https://bugzilla.suse.com/1257755"
},
{
"category": "self",
"summary": "SUSE Bug 1257773",
"url": "https://bugzilla.suse.com/1257773"
},
{
"category": "self",
"summary": "SUSE Bug 1257777",
"url": "https://bugzilla.suse.com/1257777"
},
{
"category": "self",
"summary": "SUSE Bug 1257814",
"url": "https://bugzilla.suse.com/1257814"
},
{
"category": "self",
"summary": "SUSE Bug 1257952",
"url": "https://bugzilla.suse.com/1257952"
},
{
"category": "self",
"summary": "SUSE Bug 1258280",
"url": "https://bugzilla.suse.com/1258280"
},
{
"category": "self",
"summary": "SUSE Bug 1258286",
"url": "https://bugzilla.suse.com/1258286"
},
{
"category": "self",
"summary": "SUSE Bug 1258293",
"url": "https://bugzilla.suse.com/1258293"
},
{
"category": "self",
"summary": "SUSE Bug 1258303",
"url": "https://bugzilla.suse.com/1258303"
},
{
"category": "self",
"summary": "SUSE Bug 1258305",
"url": "https://bugzilla.suse.com/1258305"
},
{
"category": "self",
"summary": "SUSE Bug 1258330",
"url": "https://bugzilla.suse.com/1258330"
},
{
"category": "self",
"summary": "SUSE Bug 1258337",
"url": "https://bugzilla.suse.com/1258337"
},
{
"category": "self",
"summary": "SUSE Bug 1258338",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "self",
"summary": "SUSE Bug 1258340",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "self",
"summary": "SUSE Bug 1258376",
"url": "https://bugzilla.suse.com/1258376"
},
{
"category": "self",
"summary": "SUSE Bug 1258389",
"url": "https://bugzilla.suse.com/1258389"
},
{
"category": "self",
"summary": "SUSE Bug 1258414",
"url": "https://bugzilla.suse.com/1258414"
},
{
"category": "self",
"summary": "SUSE Bug 1258424",
"url": "https://bugzilla.suse.com/1258424"
},
{
"category": "self",
"summary": "SUSE Bug 1258447",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "self",
"summary": "SUSE Bug 1258524",
"url": "https://bugzilla.suse.com/1258524"
},
{
"category": "self",
"summary": "SUSE Bug 1258832",
"url": "https://bugzilla.suse.com/1258832"
},
{
"category": "self",
"summary": "SUSE Bug 1258849",
"url": "https://bugzilla.suse.com/1258849"
},
{
"category": "self",
"summary": "SUSE Bug 1259188",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "self",
"summary": "SUSE Bug 1259461",
"url": "https://bugzilla.suse.com/1259461"
},
{
"category": "self",
"summary": "SUSE Bug 1259580",
"url": "https://bugzilla.suse.com/1259580"
},
{
"category": "self",
"summary": "SUSE Bug 1259707",
"url": "https://bugzilla.suse.com/1259707"
},
{
"category": "self",
"summary": "SUSE Bug 1259795",
"url": "https://bugzilla.suse.com/1259795"
},
{
"category": "self",
"summary": "SUSE Bug 1259797",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "self",
"summary": "SUSE Bug 1259865",
"url": "https://bugzilla.suse.com/1259865"
},
{
"category": "self",
"summary": "SUSE Bug 1259870",
"url": "https://bugzilla.suse.com/1259870"
},
{
"category": "self",
"summary": "SUSE Bug 1259886",
"url": "https://bugzilla.suse.com/1259886"
},
{
"category": "self",
"summary": "SUSE Bug 1259889",
"url": "https://bugzilla.suse.com/1259889"
},
{
"category": "self",
"summary": "SUSE Bug 1259891",
"url": "https://bugzilla.suse.com/1259891"
},
{
"category": "self",
"summary": "SUSE Bug 1259997",
"url": "https://bugzilla.suse.com/1259997"
},
{
"category": "self",
"summary": "SUSE Bug 1259998",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "self",
"summary": "SUSE Bug 1260005",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "self",
"summary": "SUSE Bug 1260009",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "self",
"summary": "SUSE Bug 1260347",
"url": "https://bugzilla.suse.com/1260347"
},
{
"category": "self",
"summary": "SUSE Bug 1260464",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "self",
"summary": "SUSE Bug 1260471",
"url": "https://bugzilla.suse.com/1260471"
},
{
"category": "self",
"summary": "SUSE Bug 1260481",
"url": "https://bugzilla.suse.com/1260481"
},
{
"category": "self",
"summary": "SUSE Bug 1260486",
"url": "https://bugzilla.suse.com/1260486"
},
{
"category": "self",
"summary": "SUSE Bug 1260497",
"url": "https://bugzilla.suse.com/1260497"
},
{
"category": "self",
"summary": "SUSE Bug 1260500",
"url": "https://bugzilla.suse.com/1260500"
},
{
"category": "self",
"summary": "SUSE Bug 1260527",
"url": "https://bugzilla.suse.com/1260527"
},
{
"category": "self",
"summary": "SUSE Bug 1260544",
"url": "https://bugzilla.suse.com/1260544"
},
{
"category": "self",
"summary": "SUSE Bug 1260550",
"url": "https://bugzilla.suse.com/1260550"
},
{
"category": "self",
"summary": "SUSE Bug 1260562",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "self",
"summary": "SUSE Bug 1260580",
"url": "https://bugzilla.suse.com/1260580"
},
{
"category": "self",
"summary": "SUSE Bug 1260730",
"url": "https://bugzilla.suse.com/1260730"
},
{
"category": "self",
"summary": "SUSE Bug 1260732",
"url": "https://bugzilla.suse.com/1260732"
},
{
"category": "self",
"summary": "SUSE Bug 1260735",
"url": "https://bugzilla.suse.com/1260735"
},
{
"category": "self",
"summary": "SUSE Bug 1260799",
"url": "https://bugzilla.suse.com/1260799"
},
{
"category": "self",
"summary": "SUSE Bug 1261412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "self",
"summary": "SUSE Bug 1261496",
"url": "https://bugzilla.suse.com/1261496"
},
{
"category": "self",
"summary": "SUSE Bug 1261498",
"url": "https://bugzilla.suse.com/1261498"
},
{
"category": "self",
"summary": "SUSE Bug 1261507",
"url": "https://bugzilla.suse.com/1261507"
},
{
"category": "self",
"summary": "SUSE Bug 1261669",
"url": "https://bugzilla.suse.com/1261669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-38542 page",
"url": "https://www.suse.com/security/cve/CVE-2024-38542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39817 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40201 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71066 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71125 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71231 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71268 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71268/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71269 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23030 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23047 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23047/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23054 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23054/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23069 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23069/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23088 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23088/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23103 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23120 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23125 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23136 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23154 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23154/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23157 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23157/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23169 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23187 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23193 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23201 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23202 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23207 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23231 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23242 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23255 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23270 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23272 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23277 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23281 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23292 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23293 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23304 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23319 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23335 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23343 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23361 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23381 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23383 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23386 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23395 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23395/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23398 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23412 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23412/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23413 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23414 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23419 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31788 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-04-13T18:28:29Z",
"generator": {
"date": "2026-04-13T18:28:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21123-1",
"initial_release_date": "2026-04-13T18:28:29Z",
"revision_history": [
{
"date": "2026-04-13T18:28:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.aarch64",
"product": {
"name": "kernel-default-6.4.0-41.1.aarch64",
"product_id": "kernel-default-6.4.0-41.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"product": {
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"product_id": "kernel-default-base-6.4.0-41.1.21.18.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.4.0-41.1.noarch",
"product": {
"name": "kernel-devel-6.4.0-41.1.noarch",
"product_id": "kernel-devel-6.4.0-41.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.4.0-41.1.noarch",
"product": {
"name": "kernel-macros-6.4.0-41.1.noarch",
"product_id": "kernel-macros-6.4.0-41.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.4.0-41.1.noarch",
"product": {
"name": "kernel-source-6.4.0-41.1.noarch",
"product_id": "kernel-source-6.4.0-41.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.s390x",
"product": {
"name": "kernel-default-6.4.0-41.1.s390x",
"product_id": "kernel-default-6.4.0-41.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-41.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.4.0-41.1.s390x",
"product_id": "kernel-default-livepatch-6.4.0-41.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-default-6.4.0-41.1.x86_64",
"product_id": "kernel-default-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"product": {
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"product_id": "kernel-default-base-6.4.0-41.1.21.18.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"product_id": "kernel-default-livepatch-6.4.0-41.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"product": {
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"product_id": "kernel-kvmsmall-6.4.0-41.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64"
},
"product_reference": "kernel-default-6.4.0-41.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x"
},
"product_reference": "kernel-default-6.4.0-41.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-default-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-41.1.21.18.aarch64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64"
},
"product_reference": "kernel-default-base-6.4.0-41.1.21.18.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.4.0-41.1.21.18.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64"
},
"product_reference": "kernel-default-base-6.4.0-41.1.21.18.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-41.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.4.0-41.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch"
},
"product_reference": "kernel-devel-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-6.4.0-41.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64"
},
"product_reference": "kernel-kvmsmall-6.4.0-41.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch"
},
"product_reference": "kernel-macros-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.4.0-41.1.noarch as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
},
"product_reference": "kernel-source-6.4.0-41.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-38542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-38542"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-38542",
"url": "https://www.suse.com/security/cve/CVE-2024-38542"
},
{
"category": "external",
"summary": "SUSE Bug 1226591 for CVE-2024-38542",
"url": "https://bugzilla.suse.com/1226591"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2024-38542"
},
{
"cve": "CVE-2025-39817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39817"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nefivarfs: Fix slab-out-of-bounds in efivarfs_d_compare\n\nObserved on kernel 6.6 (present on master as well):\n\n BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0\n Call trace:\n kasan_check_range+0xe8/0x190\n __asan_loadN+0x1c/0x28\n memcmp+0x98/0xd0\n efivarfs_d_compare+0x68/0xd8\n __d_lookup_rcu_op_compare+0x178/0x218\n __d_lookup_rcu+0x1f8/0x228\n d_alloc_parallel+0x150/0x648\n lookup_open.isra.0+0x5f0/0x8d0\n open_last_lookups+0x264/0x828\n path_openat+0x130/0x3f8\n do_filp_open+0x114/0x248\n do_sys_openat2+0x340/0x3c0\n __arm64_sys_openat+0x120/0x1a0\n\nIf dentry-\u003ed_name.len \u003c EFI_VARIABLE_GUID_LEN , \u0027guid\u0027 can become\nnegative, leadings to oob. The issue can be triggered by parallel\nlookups using invalid filename:\n\n T1\t\t\tT2\n lookup_open\n -\u003elookup\n simple_lookup\n d_add\n // invalid dentry is added to hash list\n\n\t\t\tlookup_open\n\t\t\t d_alloc_parallel\n\t\t\t __d_lookup_rcu\n\t\t\t __d_lookup_rcu_op_compare\n\t\t\t hlist_bl_for_each_entry_rcu\n\t\t\t // invalid dentry can be retrieved\n\t\t\t -\u003ed_compare\n\t\t\t efivarfs_d_compare\n\t\t\t // oob\n\nFix it by checking \u0027guid\u0027 before cmp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39817",
"url": "https://www.suse.com/security/cve/CVE-2025-39817"
},
{
"category": "external",
"summary": "SUSE Bug 1249998 for CVE-2025-39817",
"url": "https://bugzilla.suse.com/1249998"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-39817"
},
{
"cve": "CVE-2025-39998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39998",
"url": "https://www.suse.com/security/cve/CVE-2025-39998"
},
{
"category": "external",
"summary": "SUSE Bug 1252073 for CVE-2025-39998",
"url": "https://bugzilla.suse.com/1252073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-39998"
},
{
"cve": "CVE-2025-40201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nkernel/sys.c: fix the racy usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64() paths\n\nThe usage of task_lock(tsk-\u003egroup_leader) in sys_prlimit64()-\u003edo_prlimit()\npath is very broken.\n\nsys_prlimit64() does get_task_struct(tsk) but this only protects task_struct\nitself. If tsk != current and tsk is not a leader, this process can exit/exec\nand task_lock(tsk-\u003egroup_leader) may use the already freed task_struct.\n\nAnother problem is that sys_prlimit64() can race with mt-exec which changes\n-\u003egroup_leader. In this case do_prlimit() may take the wrong lock, or (worse)\n-\u003egroup_leader may change between task_lock() and task_unlock().\n\nChange sys_prlimit64() to take tasklist_lock when necessary. This is not\nnice, but I don\u0027t see a better fix for -stable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40201",
"url": "https://www.suse.com/security/cve/CVE-2025-40201"
},
{
"category": "external",
"summary": "SUSE Bug 1253455 for CVE-2025-40201",
"url": "https://bugzilla.suse.com/1253455"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-40201"
},
{
"cve": "CVE-2025-40253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ctcm: Fix double-kfree\n\nThe function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027 is called conditionally\nfrom function \u0027ctcmpc_unpack_skb\u0027. It frees passed mpcginfo.\nAfter that a call to function \u0027kfree\u0027 in function \u0027ctcmpc_unpack_skb\u0027\nfrees it again.\n\nRemove \u0027kfree\u0027 call in function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027.\n\nBug detected by the clang static analyzer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40253",
"url": "https://www.suse.com/security/cve/CVE-2025-40253"
},
{
"category": "external",
"summary": "SUSE Bug 1255084 for CVE-2025-40253",
"url": "https://bugzilla.suse.com/1255084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-40253"
},
{
"cve": "CVE-2025-68794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68794",
"url": "https://www.suse.com/security/cve/CVE-2025-68794"
},
{
"category": "external",
"summary": "SUSE Bug 1256647 for CVE-2025-68794",
"url": "https://bugzilla.suse.com/1256647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-68794"
},
{
"cve": "CVE-2025-71066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71066"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: Always remove class from active list before deleting in ets_qdisc_change\n\nzdi-disclosures@trendmicro.com says:\n\nThe vulnerability is a race condition between `ets_qdisc_dequeue` and\n`ets_qdisc_change`. It leads to UAF on `struct Qdisc` object.\nAttacker requires the capability to create new user and network namespace\nin order to trigger the bug.\nSee my additional commentary at the end of the analysis.\n\nAnalysis:\n\nstatic int ets_qdisc_change(struct Qdisc *sch, struct nlattr *opt,\n struct netlink_ext_ack *extack)\n{\n...\n\n // (1) this lock is preventing .change handler (`ets_qdisc_change`)\n //to race with .dequeue handler (`ets_qdisc_dequeue`)\n sch_tree_lock(sch);\n\n for (i = nbands; i \u003c oldbands; i++) {\n if (i \u003e= q-\u003enstrict \u0026\u0026 q-\u003eclasses[i].qdisc-\u003eq.qlen)\n list_del_init(\u0026q-\u003eclasses[i].alist);\n qdisc_purge_queue(q-\u003eclasses[i].qdisc);\n }\n\n WRITE_ONCE(q-\u003enbands, nbands);\n for (i = nstrict; i \u003c q-\u003enstrict; i++) {\n if (q-\u003eclasses[i].qdisc-\u003eq.qlen) {\n\t\t // (2) the class is added to the q-\u003eactive\n list_add_tail(\u0026q-\u003eclasses[i].alist, \u0026q-\u003eactive);\n q-\u003eclasses[i].deficit = quanta[i];\n }\n }\n WRITE_ONCE(q-\u003enstrict, nstrict);\n memcpy(q-\u003eprio2band, priomap, sizeof(priomap));\n\n for (i = 0; i \u003c q-\u003enbands; i++)\n WRITE_ONCE(q-\u003eclasses[i].quantum, quanta[i]);\n\n for (i = oldbands; i \u003c q-\u003enbands; i++) {\n q-\u003eclasses[i].qdisc = queues[i];\n if (q-\u003eclasses[i].qdisc != \u0026noop_qdisc)\n qdisc_hash_add(q-\u003eclasses[i].qdisc, true);\n }\n\n // (3) the qdisc is unlocked, now dequeue can be called in parallel\n // to the rest of .change handler\n sch_tree_unlock(sch);\n\n ets_offload_change(sch);\n for (i = q-\u003enbands; i \u003c oldbands; i++) {\n\t // (4) we\u0027re reducing the refcount for our class\u0027s qdisc and\n\t // freeing it\n qdisc_put(q-\u003eclasses[i].qdisc);\n\t // (5) If we call .dequeue between (4) and (5), we will have\n\t // a strong UAF and we can control RIP\n q-\u003eclasses[i].qdisc = NULL;\n WRITE_ONCE(q-\u003eclasses[i].quantum, 0);\n q-\u003eclasses[i].deficit = 0;\n gnet_stats_basic_sync_init(\u0026q-\u003eclasses[i].bstats);\n memset(\u0026q-\u003eclasses[i].qstats, 0, sizeof(q-\u003eclasses[i].qstats));\n }\n return 0;\n}\n\nComment:\nThis happens because some of the classes have their qdiscs assigned to\nNULL, but remain in the active list. This commit fixes this issue by always\nremoving the class from the active list before deleting and freeing its\nassociated qdisc\n\nReproducer Steps\n(trimmed version of what was sent by zdi-disclosures@trendmicro.com)\n\n```\nDEV=\"${DEV:-lo}\"\nROOT_HANDLE=\"${ROOT_HANDLE:-1:}\"\nBAND2_HANDLE=\"${BAND2_HANDLE:-20:}\" # child under 1:2\nPING_BYTES=\"${PING_BYTES:-48}\"\nPING_COUNT=\"${PING_COUNT:-200000}\"\nPING_DST=\"${PING_DST:-127.0.0.1}\"\n\nSLOW_TBF_RATE=\"${SLOW_TBF_RATE:-8bit}\"\nSLOW_TBF_BURST=\"${SLOW_TBF_BURST:-100b}\"\nSLOW_TBF_LAT=\"${SLOW_TBF_LAT:-1s}\"\n\ncleanup() {\n tc qdisc del dev \"$DEV\" root 2\u003e/dev/null\n}\ntrap cleanup EXIT\n\nip link set \"$DEV\" up\n\ntc qdisc del dev \"$DEV\" root 2\u003e/dev/null || true\n\ntc qdisc add dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\n\ntc qdisc add dev \"$DEV\" parent 1:2 handle \"$BAND2_HANDLE\" \\\n tbf rate \"$SLOW_TBF_RATE\" burst \"$SLOW_TBF_BURST\" latency \"$SLOW_TBF_LAT\"\n\ntc filter add dev \"$DEV\" parent 1: protocol all prio 1 u32 match u32 0 0 flowid 1:2\ntc -s qdisc ls dev $DEV\n\nping -I \"$DEV\" -f -c \"$PING_COUNT\" -s \"$PING_BYTES\" -W 0.001 \"$PING_DST\" \\\n \u003e/dev/null 2\u003e\u00261 \u0026\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 0\ntc qdisc change dev \"$DEV\" root handle \"$ROOT_HANDLE\" ets bands 2 strict 2\ntc -s qdisc ls dev $DEV\ntc qdisc del dev \"$DEV\" parent \n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71066",
"url": "https://www.suse.com/security/cve/CVE-2025-71066"
},
{
"category": "external",
"summary": "SUSE Bug 1256645 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1256645"
},
{
"category": "external",
"summary": "SUSE Bug 1258005 for CVE-2025-71066",
"url": "https://bugzilla.suse.com/1258005"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2025-71066"
},
{
"cve": "CVE-2025-71125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Do not register unsupported perf events\n\nSynthetic events currently do not have a function to register perf events.\nThis leads to calling the tracepoint register functions with a NULL\nfunction pointer which triggers:\n\n ------------[ cut here ]------------\n WARNING: kernel/tracepoint.c:175 at tracepoint_add_func+0x357/0x370, CPU#2: perf/2272\n Modules linked in: kvm_intel kvm irqbypass\n CPU: 2 UID: 0 PID: 2272 Comm: perf Not tainted 6.18.0-ftest-11964-ge022764176fc-dirty #323 PREEMPTLAZY\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:tracepoint_add_func+0x357/0x370\n Code: 28 9c e8 4c 0b f5 ff eb 0f 4c 89 f7 48 c7 c6 80 4d 28 9c e8 ab 89 f4 ff 31 c0 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc \u003c0f\u003e 0b 49 c7 c6 ea ff ff ff e9 ee fe ff ff 0f 0b e9 f9 fe ff ff 0f\n RSP: 0018:ffffabc0c44d3c40 EFLAGS: 00010246\n RAX: 0000000000000001 RBX: ffff9380aa9e4060 RCX: 0000000000000000\n RDX: 000000000000000a RSI: ffffffff9e1d4a98 RDI: ffff937fcf5fd6c8\n RBP: 0000000000000001 R08: 0000000000000007 R09: ffff937fcf5fc780\n R10: 0000000000000003 R11: ffffffff9c193910 R12: 000000000000000a\n R13: ffffffff9e1e5888 R14: 0000000000000000 R15: ffffabc0c44d3c78\n FS: 00007f6202f5f340(0000) GS:ffff93819f00f000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000055d3162281a8 CR3: 0000000106a56003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n tracepoint_probe_register+0x5d/0x90\n synth_event_reg+0x3c/0x60\n perf_trace_event_init+0x204/0x340\n perf_trace_init+0x85/0xd0\n perf_tp_event_init+0x2e/0x50\n perf_try_init_event+0x6f/0x230\n ? perf_event_alloc+0x4bb/0xdc0\n perf_event_alloc+0x65a/0xdc0\n __se_sys_perf_event_open+0x290/0x9f0\n do_syscall_64+0x93/0x7b0\n ? entry_SYSCALL_64_after_hwframe+0x76/0x7e\n ? trace_hardirqs_off+0x53/0xc0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nInstead, have the code return -ENODEV, which doesn\u0027t warn and has perf\nerror out with:\n\n # perf record -e synthetic:futex_wait\nError:\nThe sys_perf_event_open() syscall returned with 19 (No such device) for event (synthetic:futex_wait).\n\"dmesg | grep -i perf\" may provide additional information.\n\nIdeally perf should support synthetic events, but for now just fix the\nwarning. The support can come later.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71125",
"url": "https://www.suse.com/security/cve/CVE-2025-71125"
},
{
"category": "external",
"summary": "SUSE Bug 1256784 for CVE-2025-71125",
"url": "https://bugzilla.suse.com/1256784"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "low"
}
],
"title": "CVE-2025-71125"
},
{
"cve": "CVE-2025-71231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable \u0027i\u0027 is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71231",
"url": "https://www.suse.com/security/cve/CVE-2025-71231"
},
{
"category": "external",
"summary": "SUSE Bug 1258424 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258424"
},
{
"category": "external",
"summary": "SUSE Bug 1258425 for CVE-2025-71231",
"url": "https://bugzilla.suse.com/1258425"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2025-71231"
},
{
"cve": "CVE-2025-71268",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71268"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71268",
"url": "https://www.suse.com/security/cve/CVE-2025-71268"
},
{
"category": "external",
"summary": "SUSE Bug 1259865 for CVE-2025-71268",
"url": "https://bugzilla.suse.com/1259865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-71268"
},
{
"cve": "CVE-2025-71269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71269"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is \u003c= 0).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71269",
"url": "https://www.suse.com/security/cve/CVE-2025-71269"
},
{
"category": "external",
"summary": "SUSE Bug 1259889 for CVE-2025-71269",
"url": "https://bugzilla.suse.com/1259889"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2025-71269"
},
{
"cve": "CVE-2026-23030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\n\nThe for_each_available_child_of_node() calls of_node_put() to\nrelease child_np in each success loop. After breaking from the\nloop with the child_np has been released, the code will jump to\nthe put_child label and will call the of_node_put() again if the\ndevm_request_threaded_irq() fails. These cause a double free bug.\n\nFix by returning directly to avoid the duplicate of_node_put().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23030",
"url": "https://www.suse.com/security/cve/CVE-2026-23030"
},
{
"category": "external",
"summary": "SUSE Bug 1257561 for CVE-2026-23030",
"url": "https://bugzilla.suse.com/1257561"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23030"
},
{
"cve": "CVE-2026-23047",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23047"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make calc_target() set t-\u003epaused, not just clear it\n\nCurrently calc_target() clears t-\u003epaused if the request shouldn\u0027t be\npaused anymore, but doesn\u0027t ever set t-\u003epaused even though it\u0027s able to\ndetermine when the request should be paused. Setting t-\u003epaused is left\nto __submit_request() which is fine for regular requests but doesn\u0027t\nwork for linger requests -- since __submit_request() doesn\u0027t operate\non linger requests, there is nowhere for lreq-\u003et.paused to be set.\nOne consequence of this is that watches don\u0027t get reestablished on\npaused -\u003e unpaused transitions in cases where requests have been paused\nlong enough for the (paused) unwatch request to time out and for the\nsubsequent (re)watch request to enter the paused state. On top of the\nwatch not getting reestablished, rbd_reregister_watch() gets stuck with\nrbd_dev-\u003ewatch_mutex held:\n\n rbd_register_watch\n __rbd_register_watch\n ceph_osdc_watch\n linger_reg_commit_wait\n\nIt\u0027s waiting for lreq-\u003ereg_commit_wait to be completed, but for that to\nhappen the respective request needs to end up on need_resend_linger list\nand be kicked when requests are unpaused. There is no chance for that\nif the request in question is never marked paused in the first place.\n\nThe fact that rbd_dev-\u003ewatch_mutex remains taken out forever then\nprevents the image from getting unmapped -- \"rbd unmap\" would inevitably\nhang in D state on an attempt to grab the mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23047",
"url": "https://www.suse.com/security/cve/CVE-2026-23047"
},
{
"category": "external",
"summary": "SUSE Bug 1257682 for CVE-2026-23047",
"url": "https://bugzilla.suse.com/1257682"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23047"
},
{
"cve": "CVE-2026-23054",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23054"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hv_netvsc: reject RSS hash key programming without RX indirection table\n\nRSS configuration requires a valid RX indirection table. When the device\nreports a single receive queue, rndis_filter_device_add() does not\nallocate an indirection table, accepting RSS hash key updates in this\nstate leads to a hang.\n\nFix this by gating netvsc_set_rxfh() on ndc-\u003erx_table_sz and return\n-EOPNOTSUPP when the table is absent. This aligns set_rxfh with the device\ncapabilities and prevents incorrect behavior.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23054",
"url": "https://www.suse.com/security/cve/CVE-2026-23054"
},
{
"category": "external",
"summary": "SUSE Bug 1257732 for CVE-2026-23054",
"url": "https://bugzilla.suse.com/1257732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23054"
},
{
"cve": "CVE-2026-23069",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23069"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: fix potential underflow in virtio_transport_get_credit()\n\nThe credit calculation in virtio_transport_get_credit() uses unsigned\narithmetic:\n\n ret = vvs-\u003epeer_buf_alloc - (vvs-\u003etx_cnt - vvs-\u003epeer_fwd_cnt);\n\nIf the peer shrinks its advertised buffer (peer_buf_alloc) while bytes\nare in flight, the subtraction can underflow and produce a large\npositive value, potentially allowing more data to be queued than the\npeer can handle.\n\nReuse virtio_transport_has_space() which already handles this case and\nadd a comment to make it clear why we are doing that.\n\n[Stefano: use virtio_transport_has_space() instead of duplicating the code]\n[Stefano: tweak the commit message]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23069",
"url": "https://www.suse.com/security/cve/CVE-2026-23069"
},
{
"category": "external",
"summary": "SUSE Bug 1257755 for CVE-2026-23069",
"url": "https://bugzilla.suse.com/1257755"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23069"
},
{
"cve": "CVE-2026-23088",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23088"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Fix crash on synthetic stacktrace field usage\n\nWhen creating a synthetic event based on an existing synthetic event that\nhad a stacktrace field and the new synthetic event used that field a\nkernel crash occurred:\n\n ~# cd /sys/kernel/tracing\n ~# echo \u0027s:stack unsigned long stack[];\u0027 \u003e dynamic_events\n ~# echo \u0027hist:keys=prev_pid:s0=common_stacktrace if prev_state \u0026 3\u0027 \u003e\u003e events/sched/sched_switch/trigger\n ~# echo \u0027hist:keys=next_pid:s1=$s0:onmatch(sched.sched_switch).trace(stack,$s1)\u0027 \u003e\u003e events/sched/sched_switch/trigger\n\nThe above creates a synthetic event that takes a stacktrace when a task\nschedules out in a non-running state and passes that stacktrace to the\nsched_switch event when that task schedules back in. It triggers the\n\"stack\" synthetic event that has a stacktrace as its field (called \"stack\").\n\n ~# echo \u0027s:syscall_stack s64 id; unsigned long stack[];\u0027 \u003e\u003e dynamic_events\n ~# echo \u0027hist:keys=common_pid:s2=stack\u0027 \u003e\u003e events/synthetic/stack/trigger\n ~# echo \u0027hist:keys=common_pid:s3=$s2,i0=id:onmatch(synthetic.stack).trace(syscall_stack,$i0,$s3)\u0027 \u003e\u003e events/raw_syscalls/sys_exit/trigger\n\nThe above makes another synthetic event called \"syscall_stack\" that\nattaches the first synthetic event (stack) to the sys_exit trace event and\nrecords the stacktrace from the stack event with the id of the system call\nthat is exiting.\n\nWhen enabling this event (or using it in a historgram):\n\n ~# echo 1 \u003e events/synthetic/syscall_stack/enable\n\nProduces a kernel crash!\n\n BUG: unable to handle page fault for address: 0000000000400010\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] SMP PTI\n CPU: 6 UID: 0 PID: 1257 Comm: bash Not tainted 6.16.3+deb14-amd64 #1 PREEMPT(lazy) Debian 6.16.3-1\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-debian-1.17.0-1 04/01/2014\n RIP: 0010:trace_event_raw_event_synth+0x90/0x380\n Code: c5 00 00 00 00 85 d2 0f 84 e1 00 00 00 31 db eb 34 0f 1f 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 66 2e 0f 1f 84 00 00 00 00 00 \u003c49\u003e 8b 04 24 48 83 c3 01 8d 0c c5 08 00 00 00 01 cd 41 3b 5d 40 0f\n RSP: 0018:ffffd2670388f958 EFLAGS: 00010202\n RAX: ffff8ba1065cc100 RBX: 0000000000000000 RCX: 0000000000000000\n RDX: 0000000000000001 RSI: fffff266ffda7b90 RDI: ffffd2670388f9b0\n RBP: 0000000000000010 R08: ffff8ba104e76000 R09: ffffd2670388fa50\n R10: ffff8ba102dd42e0 R11: ffffffff9a908970 R12: 0000000000400010\n R13: ffff8ba10a246400 R14: ffff8ba10a710220 R15: fffff266ffda7b90\n FS: 00007fa3bc63f740(0000) GS:ffff8ba2e0f48000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000400010 CR3: 0000000107f9e003 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ? __tracing_map_insert+0x208/0x3a0\n action_trace+0x67/0x70\n event_hist_trigger+0x633/0x6d0\n event_triggers_call+0x82/0x130\n trace_event_buffer_commit+0x19d/0x250\n trace_event_raw_event_sys_exit+0x62/0xb0\n syscall_exit_work+0x9d/0x140\n do_syscall_64+0x20a/0x2f0\n ? trace_event_raw_event_sched_switch+0x12b/0x170\n ? save_fpregs_to_fpstate+0x3e/0x90\n ? _raw_spin_unlock+0xe/0x30\n ? finish_task_switch.isra.0+0x97/0x2c0\n ? __rseq_handle_notify_resume+0xad/0x4c0\n ? __schedule+0x4b8/0xd00\n ? restore_fpregs_from_fpstate+0x3c/0x90\n ? switch_fpu_return+0x5b/0xe0\n ? do_syscall_64+0x1ef/0x2f0\n ? do_fault+0x2e9/0x540\n ? __handle_mm_fault+0x7d1/0xf70\n ? count_memcg_events+0x167/0x1d0\n ? handle_mm_fault+0x1d7/0x2e0\n ? do_user_addr_fault+0x2c3/0x7f0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe reason is that the stacktrace field is not labeled as such, and is\ntreated as a normal field and not as a dynamic event that it is.\n\nIn trace_event_raw_event_synth() the event is field is still treated as a\ndynamic array, but the retrieval of the data is considered a normal field,\nand the reference is just the meta data:\n\n// Meta data is retrieved instead of a dynamic array\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23088",
"url": "https://www.suse.com/security/cve/CVE-2026-23088"
},
{
"category": "external",
"summary": "SUSE Bug 1257814 for CVE-2026-23088",
"url": "https://bugzilla.suse.com/1257814"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23088"
},
{
"cve": "CVE-2026-23103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Make the addrs_lock be per port\n\nMake the addrs_lock be per port, not per ipvlan dev.\n\nInitial code seems to be written in the assumption,\nthat any address change must occur under RTNL.\nBut it is not so for the case of IPv6. So\n\n1) Introduce per-port addrs_lock.\n\n2) It was needed to fix places where it was forgotten\nto take lock (ipvlan_open/ipvlan_close)\n\nThis appears to be a very minor problem though.\nSince it\u0027s highly unlikely that ipvlan_add_addr() will\nbe called on 2 CPU simultaneously. But nevertheless,\nthis could cause:\n\n1) False-negative of ipvlan_addr_busy(): one interface\niterated through all port-\u003eipvlans + ipvlan-\u003eaddrs\nunder some ipvlan spinlock, and another added IP\nunder its own lock. Though this is only possible\nfor IPv6, since looks like only ipvlan_addr6_event() can be\ncalled without rtnl_lock.\n\n2) Race since ipvlan_ht_addr_add(port) is called under\ndifferent ipvlan-\u003eaddrs_lock locks\n\nThis should not affect performance, since add/remove IP\nis a rare situation and spinlock is not taken on fast\npaths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23103",
"url": "https://www.suse.com/security/cve/CVE-2026-23103"
},
{
"category": "external",
"summary": "SUSE Bug 1257773 for CVE-2026-23103",
"url": "https://bugzilla.suse.com/1257773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23103"
},
{
"cve": "CVE-2026-23120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk-\u003esk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n sk_set_socket include/net/sock.h:2092 [inline]\n sock_orphan include/net/sock.h:2118 [inline]\n sk_common_release+0xae/0x230 net/core/sock.c:4003\n udp_lib_close+0x15/0x20 include/net/udp.h:325\n inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:662 [inline]\n sock_close+0x6b/0x150 net/socket.c:1455\n __fput+0x29b/0x650 fs/file_table.c:468\n ____fput+0x1c/0x30 fs/file_table.c:496\n task_work_run+0x131/0x1a0 kernel/task_work.c:233\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n worker_thread+0x582/0x770 kernel/workqueue.c:3421\n kthread+0x489/0x510 kernel/kthread.c:463\n ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -\u003e 0x0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23120",
"url": "https://www.suse.com/security/cve/CVE-2026-23120"
},
{
"category": "external",
"summary": "SUSE Bug 1258280 for CVE-2026-23120",
"url": "https://bugzilla.suse.com/1258280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23120"
},
{
"cve": "CVE-2026-23125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT\n\nA null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key\ninitialization fails:\n\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2\n RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline]\n RIP: 0010:sctp_packet_append_chunk+0xb36/0x1260 net/sctp/output.c:401\n Call Trace:\n\n sctp_packet_transmit_chunk+0x31/0x250 net/sctp/output.c:189\n sctp_outq_flush_data+0xa29/0x26d0 net/sctp/outqueue.c:1111\n sctp_outq_flush+0xc80/0x1240 net/sctp/outqueue.c:1217\n sctp_cmd_interpreter.isra.0+0x19a5/0x62c0 net/sctp/sm_sideeffect.c:1787\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x1a3/0x670 net/sctp/sm_sideeffect.c:1169\n sctp_assoc_bh_rcv+0x33e/0x640 net/sctp/associola.c:1052\n sctp_inq_push+0x1dd/0x280 net/sctp/inqueue.c:88\n sctp_rcv+0x11ae/0x3100 net/sctp/input.c:243\n sctp6_rcv+0x3d/0x60 net/sctp/ipv6.c:1127\n\nThe issue is triggered when sctp_auth_asoc_init_active_key() fails in\nsctp_sf_do_5_1C_ack() while processing an INIT_ACK. In this case, the\ncommand sequence is currently:\n\n- SCTP_CMD_PEER_INIT\n- SCTP_CMD_TIMER_STOP (T1_INIT)\n- SCTP_CMD_TIMER_START (T1_COOKIE)\n- SCTP_CMD_NEW_STATE (COOKIE_ECHOED)\n- SCTP_CMD_ASSOC_SHKEY\n- SCTP_CMD_GEN_COOKIE_ECHO\n\nIf SCTP_CMD_ASSOC_SHKEY fails, asoc-\u003eshkey remains NULL, while\nasoc-\u003epeer.auth_capable and asoc-\u003epeer.peer_chunks have already been set by\nSCTP_CMD_PEER_INIT. This allows a DATA chunk with auth = 1 and shkey = NULL\nto be queued by sctp_datamsg_from_user().\n\nSince command interpretation stops on failure, no COOKIE_ECHO should been\nsent via SCTP_CMD_GEN_COOKIE_ECHO. However, the T1_COOKIE timer has already\nbeen started, and it may enqueue a COOKIE_ECHO into the outqueue later. As\na result, the DATA chunk can be transmitted together with the COOKIE_ECHO\nin sctp_outq_flush_data(), leading to the observed issue.\n\nSimilar to the other places where it calls sctp_auth_asoc_init_active_key()\nright after sctp_process_init(), this patch moves the SCTP_CMD_ASSOC_SHKEY\nimmediately after SCTP_CMD_PEER_INIT, before stopping T1_INIT and starting\nT1_COOKIE. This ensures that if shared key generation fails, authenticated\nDATA cannot be sent. It also allows the T1_INIT timer to retransmit INIT,\ngiving the client another chance to process INIT_ACK and retry key setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23125",
"url": "https://www.suse.com/security/cve/CVE-2026-23125"
},
{
"category": "external",
"summary": "SUSE Bug 1258293 for CVE-2026-23125",
"url": "https://bugzilla.suse.com/1258293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23125"
},
{
"cve": "CVE-2026-23136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23136"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: reset sparse-read state in osd_fault()\n\nWhen a fault occurs, the connection is abandoned, reestablished, and any\npending operations are retried. The OSD client tracks the progress of a\nsparse-read reply using a separate state machine, largely independent of\nthe messenger\u0027s state.\n\nIf a connection is lost mid-payload or the sparse-read state machine\nreturns an error, the sparse-read state is not reset. The OSD client\nwill then interpret the beginning of a new reply as the continuation of\nthe old one. If this makes the sparse-read machinery enter a failure\nstate, it may never recover, producing loops like:\n\n libceph: [0] got 0 extents\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n libceph: data len 142248331 != extent len 0\n libceph: osd0 (1)...:6801 socket error on read\n\nTherefore, reset the sparse-read state in osd_fault(), ensuring retries\nstart from a clean state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23136",
"url": "https://www.suse.com/security/cve/CVE-2026-23136"
},
{
"category": "external",
"summary": "SUSE Bug 1258303 for CVE-2026-23136",
"url": "https://bugzilla.suse.com/1258303"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23136"
},
{
"cve": "CVE-2026-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Subtract size of xdp_frame from allowed metadata size\n\nThe xdp_frame structure takes up part of the XDP frame headroom,\nlimiting the size of the metadata. However, in bpf_test_run, we don\u0027t\ntake this into account, which makes it possible for userspace to supply\na metadata size that is too large (taking up the entire headroom).\n\nIf userspace supplies such a large metadata size in live packet mode,\nthe xdp_update_frame_from_buff() call in xdp_test_run_init_page() call\nwill fail, after which packet transmission proceeds with an\nuninitialised frame structure, leading to the usual Bad Stuff.\n\nThe commit in the Fixes tag fixed a related bug where the second check\nin xdp_update_frame_from_buff() could fail, but did not add any\nadditional constraints on the metadata size. Complete the fix by adding\nan additional check on the metadata size. Reorder the checks slightly to\nmake the logic clearer and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23140",
"url": "https://www.suse.com/security/cve/CVE-2026-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1258305 for CVE-2026-23140",
"url": "https://bugzilla.suse.com/1258305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23140"
},
{
"cve": "CVE-2026-23154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23154"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix segmentation of forwarding fraglist GRO\n\nThis patch enhances GSO segment handling by properly checking\nthe SKB_GSO_DODGY flag for frag_list GSO packets, addressing\nlow throughput issues observed when a station accesses IPv4\nservers via hotspots with an IPv6-only upstream interface.\n\nSpecifically, it fixes a bug in GSO segmentation when forwarding\nGRO packets containing a frag_list. The function skb_segment_list\ncannot correctly process GRO skbs that have been converted by XLAT,\nsince XLAT only translates the header of the head skb. Consequently,\nskbs in the frag_list may remain untranslated, resulting in protocol\ninconsistencies and reduced throughput.\n\nTo address this, the patch explicitly sets the SKB_GSO_DODGY flag\nfor GSO packets in XLAT\u0027s IPv4/IPv6 protocol translation helpers\n(bpf_skb_proto_4_to_6 and bpf_skb_proto_6_to_4). This marks GSO\npackets as potentially modified after protocol translation. As a\nresult, GSO segmentation will avoid using skb_segment_list and\ninstead falls back to skb_segment for packets with the SKB_GSO_DODGY\nflag. This ensures that only safe and fully translated frag_list\npackets are processed by skb_segment_list, resolving protocol\ninconsistencies and improving throughput when forwarding GRO packets\nconverted by XLAT.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23154",
"url": "https://www.suse.com/security/cve/CVE-2026-23154"
},
{
"category": "external",
"summary": "SUSE Bug 1258286 for CVE-2026-23154",
"url": "https://bugzilla.suse.com/1258286"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23154"
},
{
"cve": "CVE-2026-23157",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23157"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not strictly require dirty metadata threshold for metadata writepages\n\n[BUG]\nThere is an internal report that over 1000 processes are\nwaiting at the io_schedule_timeout() of balance_dirty_pages(), causing\na system hang and trigger a kernel coredump.\n\nThe kernel is v6.4 kernel based, but the root problem still applies to\nany upstream kernel before v6.18.\n\n[CAUSE]\nFrom Jan Kara for his wisdom on the dirty page balance behavior first.\n\n This cgroup dirty limit was what was actually playing the role here\n because the cgroup had only a small amount of memory and so the dirty\n limit for it was something like 16MB.\n\n Dirty throttling is responsible for enforcing that nobody can dirty\n (significantly) more dirty memory than there\u0027s dirty limit. Thus when\n a task is dirtying pages it periodically enters into balance_dirty_pages()\n and we let it sleep there to slow down the dirtying.\n\n When the system is over dirty limit already (either globally or within\n a cgroup of the running task), we will not let the task exit from\n balance_dirty_pages() until the number of dirty pages drops below the\n limit.\n\n So in this particular case, as I already mentioned, there was a cgroup\n with relatively small amount of memory and as a result with dirty limit\n set at 16MB. A task from that cgroup has dirtied about 28MB worth of\n pages in btrfs btree inode and these were practically the only dirty\n pages in that cgroup.\n\nSo that means the only way to reduce the dirty pages of that cgroup is\nto writeback the dirty pages of btrfs btree inode, and only after that\nthose processes can exit balance_dirty_pages().\n\nNow back to the btrfs part, btree_writepages() is responsible for\nwriting back dirty btree inode pages.\n\nThe problem here is, there is a btrfs internal threshold that if the\nbtree inode\u0027s dirty bytes are below the 32M threshold, it will not\ndo any writeback.\n\nThis behavior is to batch as much metadata as possible so we won\u0027t write\nback those tree blocks and then later re-COW them again for another\nmodification.\n\nThis internal 32MiB is higher than the existing dirty page size (28MiB),\nmeaning no writeback will happen, causing a deadlock between btrfs and\ncgroup:\n\n- Btrfs doesn\u0027t want to write back btree inode until more dirty pages\n\n- Cgroup/MM doesn\u0027t want more dirty pages for btrfs btree inode\n Thus any process touching that btree inode is put into sleep until\n the number of dirty pages is reduced.\n\nThanks Jan Kara a lot for the analysis of the root cause.\n\n[ENHANCEMENT]\nSince kernel commit b55102826d7d (\"btrfs: set AS_KERNEL_FILE on the\nbtree_inode\"), btrfs btree inode pages will only be charged to the root\ncgroup which should have a much larger limit than btrfs\u0027 32MiB\nthreshold.\nSo it should not affect newer kernels.\n\nBut for all current LTS kernels, they are all affected by this problem,\nand backporting the whole AS_KERNEL_FILE may not be a good idea.\n\nEven for newer kernels I still think it\u0027s a good idea to get\nrid of the internal threshold at btree_writepages(), since for most cases\ncgroup/MM has a better view of full system memory usage than btrfs\u0027 fixed\nthreshold.\n\nFor internal callers using btrfs_btree_balance_dirty() since that\nfunction is already doing internal threshold check, we don\u0027t need to\nbother them.\n\nBut for external callers of btree_writepages(), just respect their\nrequests and write back whatever they want, ignoring the internal\nbtrfs threshold to avoid such deadlock on btree inode dirty page\nbalancing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23157",
"url": "https://www.suse.com/security/cve/CVE-2026-23157"
},
{
"category": "external",
"summary": "SUSE Bug 1258376 for CVE-2026-23157",
"url": "https://bugzilla.suse.com/1258376"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23157"
},
{
"cve": "CVE-2026-23169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23169"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmptcp: fix race in mptcp_pm_nl_flush_addrs_doit()\n\nsyzbot and Eulgyu Kim reported crashes in mptcp_pm_nl_get_local_id()\nand/or mptcp_pm_nl_is_backup()\n\nRoot cause is list_splice_init() in mptcp_pm_nl_flush_addrs_doit()\nwhich is not RCU ready.\n\nlist_splice_init_rcu() can not be called here while holding pernet-\u003elock\nspinlock.\n\nMany thanks to Eulgyu Kim for providing a repro and testing our patches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23169",
"url": "https://www.suse.com/security/cve/CVE-2026-23169"
},
{
"category": "external",
"summary": "SUSE Bug 1258389 for CVE-2026-23169",
"url": "https://bugzilla.suse.com/1258389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23169"
},
{
"cve": "CVE-2026-23187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23187",
"url": "https://www.suse.com/security/cve/CVE-2026-23187"
},
{
"category": "external",
"summary": "SUSE Bug 1258330 for CVE-2026-23187",
"url": "https://bugzilla.suse.com/1258330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23187"
},
{
"cve": "CVE-2026-23193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23193",
"url": "https://www.suse.com/security/cve/CVE-2026-23193"
},
{
"category": "external",
"summary": "SUSE Bug 1258414 for CVE-2026-23193",
"url": "https://bugzilla.suse.com/1258414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23193"
},
{
"cve": "CVE-2026-23201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix oops due to invalid pointer for kfree() in parse_longname()\n\nThis fixes a kernel oops when reading ceph snapshot directories (.snap),\nfor example by simply running `ls /mnt/my_ceph/.snap`.\n\nThe variable str is guarded by __free(kfree), but advanced by one for\nskipping the initial \u0027_\u0027 in snapshot names. Thus, kfree() is called\nwith an invalid pointer. This patch removes the need for advancing the\npointer so kfree() is called with correct memory pointer.\n\nSteps to reproduce:\n\n1. Create snapshots on a cephfs volume (I\u0027ve 63 snaps in my testcase)\n\n2. Add cephfs mount to fstab\n$ echo \"samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0\" \u003e\u003e /etc/fstab\n\n3. Reboot the system\n$ systemctl reboot\n\n4. Check if it\u0027s really mounted\n$ mount | grep stuff\n\n5. List snapshots (expected 63 snapshots on my system)\n$ ls /mnt/test/stuff/.snap\n\nNow ls hangs forever and the kernel log shows the oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23201",
"url": "https://www.suse.com/security/cve/CVE-2026-23201"
},
{
"category": "external",
"summary": "SUSE Bug 1258337 for CVE-2026-23201",
"url": "https://bugzilla.suse.com/1258337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23201"
},
{
"cve": "CVE-2026-23202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23202"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer\n\nThe curr_xfer field is read by the IRQ handler without holding the lock\nto check if a transfer is in progress. When clearing curr_xfer in the\ncombined sequence transfer loop, protect it with the spinlock to prevent\na race with the interrupt handler.\n\nProtect the curr_xfer clearing at the exit path of\ntegra_qspi_combined_seq_xfer() with the spinlock to prevent a race\nwith the interrupt handler that reads this field.\n\nWithout this protection, the IRQ handler could read a partially updated\ncurr_xfer value, leading to NULL pointer dereference or use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23202",
"url": "https://www.suse.com/security/cve/CVE-2026-23202"
},
{
"category": "external",
"summary": "SUSE Bug 1258338 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1258338"
},
{
"category": "external",
"summary": "SUSE Bug 1261033 for CVE-2026-23202",
"url": "https://bugzilla.suse.com/1261033"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23202"
},
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23207"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Protect curr_xfer check in IRQ handler\n\nNow that all other accesses to curr_xfer are done under the lock,\nprotect the curr_xfer NULL check in tegra_qspi_isr_thread() with the\nspinlock. Without this protection, the following race can occur:\n\n CPU0 (ISR thread) CPU1 (timeout path)\n ---------------- -------------------\n if (!tqspi-\u003ecurr_xfer)\n // sees non-NULL\n spin_lock()\n tqspi-\u003ecurr_xfer = NULL\n spin_unlock()\n handle_*_xfer()\n spin_lock()\n t = tqspi-\u003ecurr_xfer // NULL!\n ... t-\u003elen ... // NULL dereference!\n\nWith this patch, all curr_xfer accesses are now properly synchronized.\n\nAlthough all accesses to curr_xfer are done under the lock, in\ntegra_qspi_isr_thread() it checks for NULL, releases the lock and\nreacquires it later in handle_cpu_based_xfer()/handle_dma_based_xfer().\nThere is a potential for an update in between, which could cause a NULL\npointer dereference.\n\nTo handle this, add a NULL check inside the handlers after acquiring\nthe lock. This ensures that if the timeout path has already cleared\ncurr_xfer, the handler will safely return without dereferencing the\nNULL pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23207",
"url": "https://www.suse.com/security/cve/CVE-2026-23207"
},
{
"category": "external",
"summary": "SUSE Bug 1258524 for CVE-2026-23207",
"url": "https://bugzilla.suse.com/1258524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23207"
},
{
"cve": "CVE-2026-23216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23216",
"url": "https://www.suse.com/security/cve/CVE-2026-23216"
},
{
"category": "external",
"summary": "SUSE Bug 1258447 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "external",
"summary": "SUSE Bug 1258448 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23216"
},
{
"cve": "CVE-2026-23231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23231",
"url": "https://www.suse.com/security/cve/CVE-2026-23231"
},
{
"category": "external",
"summary": "SUSE Bug 1259188 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "external",
"summary": "SUSE Bug 1259189 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23242",
"url": "https://www.suse.com/security/cve/CVE-2026-23242"
},
{
"category": "external",
"summary": "SUSE Bug 1259795 for CVE-2026-23242",
"url": "https://bugzilla.suse.com/1259795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23242"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23255",
"url": "https://www.suse.com/security/cve/CVE-2026-23255"
},
{
"category": "external",
"summary": "SUSE Bug 1259891 for CVE-2026-23255",
"url": "https://bugzilla.suse.com/1259891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23255"
},
{
"cve": "CVE-2026-23262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC\u0027s stats.\n\nWhen the number of queues is changed, the driver\u0027s stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23262",
"url": "https://www.suse.com/security/cve/CVE-2026-23262"
},
{
"category": "external",
"summary": "SUSE Bug 1259870 for CVE-2026-23262",
"url": "https://bugzilla.suse.com/1259870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23262"
},
{
"cve": "CVE-2026-23270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it\u0027s still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23270",
"url": "https://www.suse.com/security/cve/CVE-2026-23270"
},
{
"category": "external",
"summary": "SUSE Bug 1259886 for CVE-2026-23270",
"url": "https://bugzilla.suse.com/1259886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23270"
},
{
"cve": "CVE-2026-23272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23272",
"url": "https://www.suse.com/security/cve/CVE-2026-23272"
},
{
"category": "external",
"summary": "SUSE Bug 1260009 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "external",
"summary": "SUSE Bug 1260909 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23272"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n \u003cTASK\u003e\n ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n __gre_xmit (net/ipv4/ip_gre.c:478)\n gre_tap_xmit (net/ipv4/ip_gre.c:779)\n teql_master_xmit (net/sched/sch_teql.c:319)\n dev_hard_start_xmit (net/core/dev.c:3887)\n sch_direct_xmit (net/sched/sch_generic.c:347)\n __dev_queue_xmit (net/core/dev.c:4802)\n neigh_direct_output (net/core/neighbour.c:1660)\n ip_finish_output2 (net/ipv4/ip_output.c:237)\n __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n ip_mc_output (net/ipv4/ip_output.c:369)\n ip_send_skb (net/ipv4/ip_output.c:1508)\n udp_send_skb (net/ipv4/udp.c:1195)\n udp_sendmsg (net/ipv4/udp.c:1485)\n inet_sendmsg (net/ipv4/af_inet.c:859)\n __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23277",
"url": "https://www.suse.com/security/cve/CVE-2026-23277"
},
{
"category": "external",
"summary": "SUSE Bug 1259997 for CVE-2026-23277",
"url": "https://bugzilla.suse.com/1259997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23277"
},
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-23281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23281",
"url": "https://www.suse.com/security/cve/CVE-2026-23281"
},
{
"category": "external",
"summary": "SUSE Bug 1260464 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "external",
"summary": "SUSE Bug 1260466 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23281"
},
{
"cve": "CVE-2026-23292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store(). This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n down_read\n __configfs_open_file\n do_dentry_open\n vfs_open\n do_open\n path_openat\n do_filp_open\n file_open_name\n filp_open\n target_core_item_dbroot_store\n flush_write_buffer\n configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23292",
"url": "https://www.suse.com/security/cve/CVE-2026-23292"
},
{
"category": "external",
"summary": "SUSE Bug 1260500 for CVE-2026-23292",
"url": "https://bugzilla.suse.com/1260500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23292"
},
{
"cve": "CVE-2026-23293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n \u003cTASK\u003e\n vxlan_xmit+0x638/0x1ef0 [vxlan]\n dev_hard_start_xmit+0x9e/0x2e0\n __dev_queue_xmit+0xbee/0x14e0\n packet_sendmsg+0x116f/0x1930\n __sys_sendto+0x1f5/0x200\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x12f/0x1590\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23293",
"url": "https://www.suse.com/security/cve/CVE-2026-23293"
},
{
"category": "external",
"summary": "SUSE Bug 1260486 for CVE-2026-23293",
"url": "https://bugzilla.suse.com/1260486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23293"
},
{
"cve": "CVE-2026-23304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n Call Trace:\n ip6_pol_route (net/ipv6/route.c:2318)\n fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n ip6_route_output_flags (net/ipv6/route.c:2607)\n vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23304",
"url": "https://www.suse.com/security/cve/CVE-2026-23304"
},
{
"category": "external",
"summary": "SUSE Bug 1260544 for CVE-2026-23304",
"url": "https://bugzilla.suse.com/1260544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23304"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-23319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim\n\nThe root cause of this bug is that when \u0027bpf_link_put\u0027 reduces the\nrefcount of \u0027shim_link-\u003elink.link\u0027 to zero, the resource is considered\nreleased but may still be referenced via \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027cgroup_shim_find\u0027. The actual cleanup of \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027bpf_shim_tramp_link_release\u0027 is deferred. During this window, another\nprocess can cause a use-after-free via \u0027bpf_trampoline_link_cgroup_shim\u0027.\n\nBased on Martin KaFai Lau\u0027s suggestions, I have created a simple patch.\n\nTo fix this:\n Add an atomic non-zero check in \u0027bpf_trampoline_link_cgroup_shim\u0027.\n Only increment the refcount if it is not already zero.\n\nTesting:\n I verified the fix by adding a delay in\n \u0027bpf_shim_tramp_link_release\u0027 to make the bug easier to trigger:\n\nstatic void bpf_shim_tramp_link_release(struct bpf_link *link)\n{\n\t/* ... */\n\tif (!shim_link-\u003etrampoline)\n\t\treturn;\n\n+\tmsleep(100);\n\tWARN_ON_ONCE(bpf_trampoline_unlink_prog(\u0026shim_link-\u003elink,\n\t\tshim_link-\u003etrampoline, NULL));\n\tbpf_trampoline_put(shim_link-\u003etrampoline);\n}\n\nBefore the patch, running a PoC easily reproduced the crash(almost 100%)\nwith a call trace similar to KaiyanM\u0027s report.\nAfter the patch, the bug no longer occurs even after millions of\niterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23319",
"url": "https://www.suse.com/security/cve/CVE-2026-23319"
},
{
"category": "external",
"summary": "SUSE Bug 1260735 for CVE-2026-23319",
"url": "https://bugzilla.suse.com/1260735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23319"
},
{
"cve": "CVE-2026-23335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23335",
"url": "https://www.suse.com/security/cve/CVE-2026-23335"
},
{
"category": "external",
"summary": "SUSE Bug 1260550 for CVE-2026-23335",
"url": "https://bugzilla.suse.com/1260550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "low"
}
],
"title": "CVE-2026-23335"
},
{
"cve": "CVE-2026-23343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: produce a warning when calculated tailroom is negative\n\nMany ethernet drivers report xdp Rx queue frag size as being the same as\nDMA write size. However, the only user of this field, namely\nbpf_xdp_frags_increase_tail(), clearly expects a truesize.\n\nSuch difference leads to unspecific memory corruption issues under certain\ncircumstances, e.g. in ixgbevf maximum DMA write size is 3 KB, so when\nrunning xskxceiver\u0027s XDP_ADJUST_TAIL_GROW_MULTI_BUFF, 6K packet fully uses\nall DMA-writable space in 2 buffers. This would be fine, if only\nrxq-\u003efrag_size was properly set to 4K, but value of 3K results in a\nnegative tailroom, because there is a non-zero page offset.\n\nWe are supposed to return -EINVAL and be done with it in such case, but due\nto tailroom being stored as an unsigned int, it is reported to be somewhere\nnear UINT_MAX, resulting in a tail being grown, even if the requested\noffset is too much (it is around 2K in the abovementioned test). This later\nleads to all kinds of unspecific calltraces.\n\n[ 7340.337579] xskxceiver[1440]: segfault at 1da718 ip 00007f4161aeac9d sp 00007f41615a6a00 error 6\n[ 7340.338040] xskxceiver[1441]: segfault at 7f410000000b ip 00000000004042b5 sp 00007f415bffecf0 error 4\n[ 7340.338179] in libc.so.6[61c9d,7f4161aaf000+160000]\n[ 7340.339230] in xskxceiver[42b5,400000+69000]\n[ 7340.340300] likely on CPU 6 (core 0, socket 6)\n[ 7340.340302] Code: ff ff 01 e9 f4 fe ff ff 0f 1f 44 00 00 4c 39 f0 74 73 31 c0 ba 01 00 00 00 f0 0f b1 17 0f 85 ba 00 00 00 49 8b 87 88 00 00 00 \u003c4c\u003e 89 70 08 eb cc 0f 1f 44 00 00 48 8d bd f0 fe ff ff 89 85 ec fe\n[ 7340.340888] likely on CPU 3 (core 0, socket 3)\n[ 7340.345088] Code: 00 00 00 ba 00 00 00 00 be 00 00 00 00 89 c7 e8 31 ca ff ff 89 45 ec 8b 45 ec 85 c0 78 07 b8 00 00 00 00 eb 46 e8 0b c8 ff ff \u003c8b\u003e 00 83 f8 69 74 24 e8 ff c7 ff ff 8b 00 83 f8 0b 74 18 e8 f3 c7\n[ 7340.404334] Oops: general protection fault, probably for non-canonical address 0x6d255010bdffc: 0000 [#1] SMP NOPTI\n[ 7340.405972] CPU: 7 UID: 0 PID: 1439 Comm: xskxceiver Not tainted 6.19.0-rc1+ #21 PREEMPT(lazy)\n[ 7340.408006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 7340.409716] RIP: 0010:lookup_swap_cgroup_id+0x44/0x80\n[ 7340.410455] Code: 83 f8 1c 73 39 48 ba ff ff ff ff ff ff ff 03 48 8b 04 c5 20 55 fa bd 48 21 d1 48 89 ca 83 e1 01 48 d1 ea c1 e1 04 48 8d 04 90 \u003c8b\u003e 00 48 83 c4 10 d3 e8 c3 cc cc cc cc 31 c0 e9 98 b7 dd 00 48 89\n[ 7340.412787] RSP: 0018:ffffcc5c04f7f6d0 EFLAGS: 00010202\n[ 7340.413494] RAX: 0006d255010bdffc RBX: ffff891f477895a8 RCX: 0000000000000010\n[ 7340.414431] RDX: 0001c17e3fffffff RSI: 00fa070000000000 RDI: 000382fc7fffffff\n[ 7340.415354] RBP: 00fa070000000000 R08: ffffcc5c04f7f8f8 R09: ffffcc5c04f7f7d0\n[ 7340.416283] R10: ffff891f4c1a7000 R11: ffffcc5c04f7f9c8 R12: ffffcc5c04f7f7d0\n[ 7340.417218] R13: 03ffffffffffffff R14: 00fa06fffffffe00 R15: ffff891f47789500\n[ 7340.418229] FS: 0000000000000000(0000) GS:ffff891ffdfaa000(0000) knlGS:0000000000000000\n[ 7340.419489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7340.420286] CR2: 00007f415bfffd58 CR3: 0000000103f03002 CR4: 0000000000772ef0\n[ 7340.421237] PKRU: 55555554\n[ 7340.421623] Call Trace:\n[ 7340.421987] \u003cTASK\u003e\n[ 7340.422309] ? softleaf_from_pte+0x77/0xa0\n[ 7340.422855] swap_pte_batch+0xa7/0x290\n[ 7340.423363] zap_nonpresent_ptes.constprop.0.isra.0+0xd1/0x270\n[ 7340.424102] zap_pte_range+0x281/0x580\n[ 7340.424607] zap_pmd_range.isra.0+0xc9/0x240\n[ 7340.425177] unmap_page_range+0x24d/0x420\n[ 7340.425714] unmap_vmas+0xa1/0x180\n[ 7340.426185] exit_mmap+0xe1/0x3b0\n[ 7340.426644] __mmput+0x41/0x150\n[ 7340.427098] exit_mm+0xb1/0x110\n[ 7340.427539] do_exit+0x1b2/0x460\n[ 7340.427992] do_group_exit+0x2d/0xc0\n[ 7340.428477] get_signal+0x79d/0x7e0\n[ 7340.428957] arch_do_signal_or_restart+0x34/0x100\n[ 7340.429571] exit_to_user_mode_loop+0x8e/0x4c0\n[ 7340.430159] do_syscall_64+0x188/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23343",
"url": "https://www.suse.com/security/cve/CVE-2026-23343"
},
{
"category": "external",
"summary": "SUSE Bug 1260527 for CVE-2026-23343",
"url": "https://bugzilla.suse.com/1260527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23343"
},
{
"cve": "CVE-2026-23361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction. There\u0027s no completion for posted writes, so the writel() may\nreturn before the PCI write completes. dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n arm-smmu-v3 fc900000.iommu: 0x0000010000000010\n arm-smmu-v3 fc900000.iommu: 0x0000020000000000\n arm-smmu-v3 fc900000.iommu: 0x000000090000f040\n arm-smmu-v3 fc900000.iommu: 0x0000000000000000\n arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can\u0027t do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23361",
"url": "https://www.suse.com/security/cve/CVE-2026-23361"
},
{
"category": "external",
"summary": "SUSE Bug 1260732 for CVE-2026-23361",
"url": "https://bugzilla.suse.com/1260732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23361"
},
{
"cve": "CVE-2026-23379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class\u0027 WRR weight: this is done by\naveraging over the sums of quanta as \u0027q_sum\u0027 and \u0027q_psum\u0027. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G E 6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ets_qdisc_change+0x870/0xf40 [sch_ets]\n qdisc_create+0x12b/0x540\n tc_modify_qdisc+0x6d7/0xbd0\n rtnetlink_rcv_msg+0x168/0x6b0\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x1d6/0x2b0\n netlink_sendmsg+0x22e/0x470\n ____sys_sendmsg+0x38a/0x3c0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x111/0xf80\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for \u0027q_sum\u0027 and \u0027q_psum\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23379",
"url": "https://www.suse.com/security/cve/CVE-2026-23379"
},
{
"category": "external",
"summary": "SUSE Bug 1260481 for CVE-2026-23379",
"url": "https://bugzilla.suse.com/1260481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23379"
},
{
"cve": "CVE-2026-23381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n \u003cIRQ\u003e\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23381",
"url": "https://www.suse.com/security/cve/CVE-2026-23381"
},
{
"category": "external",
"summary": "SUSE Bug 1260471 for CVE-2026-23381",
"url": "https://bugzilla.suse.com/1260471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23381"
},
{
"cve": "CVE-2026-23383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing\n\nstruct bpf_plt contains a u64 target field. Currently, the BPF JIT\nallocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT\nbuffer.\n\nBecause the base address of the JIT buffer can be 4-byte aligned (e.g.,\nending in 0x4 or 0xc), the relative padding logic in build_plt() fails\nto ensure that target lands on an 8-byte boundary.\n\nThis leads to two issues:\n1. UBSAN reports misaligned-access warnings when dereferencing the\n structure.\n2. More critically, target is updated concurrently via WRITE_ONCE() in\n bpf_arch_text_poke() while the JIT\u0027d code executes ldr. On arm64,\n 64-bit loads/stores are only guaranteed to be single-copy atomic if\n they are 64-bit aligned. A misaligned target risks a torn read,\n causing the JIT to jump to a corrupted address.\n\nFix this by increasing the allocation alignment requirement to 8 bytes\n(sizeof(u64)) in bpf_jit_binary_pack_alloc(). This anchors the base of\nthe JIT buffer to an 8-byte boundary, allowing the relative padding math\nin build_plt() to correctly align the target field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23383",
"url": "https://www.suse.com/security/cve/CVE-2026-23383"
},
{
"category": "external",
"summary": "SUSE Bug 1260497 for CVE-2026-23383",
"url": "https://bugzilla.suse.com/1260497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23383"
},
{
"cve": "CVE-2026-23386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL\n\nIn DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA\nbuffer cleanup path. It iterates num_bufs times and attempts to unmap\nentries in the dma array.\n\nThis leads to two issues:\n1. The dma array shares storage with tx_qpl_buf_ids (union).\n Interpreting buffer IDs as DMA addresses results in attempting to\n unmap incorrect memory locations.\n2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed\n the size of the dma array, causing out-of-bounds access warnings\n(trace below is how we noticed this issue).\n\nUBSAN: array-index-out-of-bounds in\ndrivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of\nrange for type \u0027dma_addr_t[18]\u0027 (aka \u0027unsigned long long[18]\u0027)\nWorkqueue: gve gve_service_task [gve]\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x33/0xa0\n__ubsan_handle_out_of_bounds+0xdc/0x110\ngve_tx_stop_ring_dqo+0x182/0x200 [gve]\ngve_close+0x1be/0x450 [gve]\ngve_reset+0x99/0x120 [gve]\ngve_service_task+0x61/0x100 [gve]\nprocess_scheduled_works+0x1e9/0x380\n\nFix this by properly checking for QPL mode and delegating to\ngve_free_tx_qpl_bufs() to reclaim the buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23386",
"url": "https://www.suse.com/security/cve/CVE-2026-23386"
},
{
"category": "external",
"summary": "SUSE Bug 1260799 for CVE-2026-23386",
"url": "https://bugzilla.suse.com/1260799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23386"
},
{
"cve": "CVE-2026-23395",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23395"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ\n\nCurrently the code attempts to accept requests regardless of the\ncommand identifier which may cause multiple requests to be marked\nas pending (FLAG_DEFER_SETUP) which can cause more than\nL2CAP_ECRED_MAX_CID(5) to be allocated in l2cap_ecred_rsp_defer\ncausing an overflow.\n\nThe spec is quite clear that the same identifier shall not be used on\nsubsequent requests:\n\n\u0027Within each signaling channel a different Identifier shall be used\nfor each successive request or indication.\u0027\nhttps://www.bluetooth.com/wp-content/uploads/Files/Specification/HTML/Core-62/out/en/host/logical-link-control-and-adaptation-protocol-specification.html#UUID-32a25a06-4aa4-c6c7-77c5-dcfe3682355d\n\nSo this attempts to check if there are any channels pending with the\nsame identifier and rejects if any are found.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23395",
"url": "https://www.suse.com/security/cve/CVE-2026-23395"
},
{
"category": "external",
"summary": "SUSE Bug 1260580 for CVE-2026-23395",
"url": "https://bugzilla.suse.com/1260580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23395"
},
{
"cve": "CVE-2026-23398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23398"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n \u003cIRQ\u003e\n icmp_rcv (net/ipv4/icmp.c:1527)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n ip_local_deliver (net/ipv4/ip_input.c:262)\n ip_rcv (net/ipv4/ip_input.c:573)\n __netif_receive_skb_one_core (net/core/dev.c:6164)\n process_backlog (net/core/dev.c:6628)\n handle_softirqs (kernel/softirq.c:561)\n \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23398",
"url": "https://www.suse.com/security/cve/CVE-2026-23398"
},
{
"category": "external",
"summary": "SUSE Bug 1260730 for CVE-2026-23398",
"url": "https://bugzilla.suse.com/1260730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23398"
},
{
"cve": "CVE-2026-23412",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23412"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: defer hook memory release until rcu readers are done\n\nYiming Qian reports UaF when concurrent process is dumping hooks via\nnfnetlink_hooks:\n\nBUG: KASAN: slab-use-after-free in nfnl_hook_dump_one.isra.0+0xe71/0x10f0\nRead of size 8 at addr ffff888003edbf88 by task poc/79\nCall Trace:\n \u003cTASK\u003e\n nfnl_hook_dump_one.isra.0+0xe71/0x10f0\n netlink_dump+0x554/0x12b0\n nfnl_hook_get+0x176/0x230\n [..]\n\nDefer release until after concurrent readers have completed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23412",
"url": "https://www.suse.com/security/cve/CVE-2026-23412"
},
{
"category": "external",
"summary": "SUSE Bug 1261412 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261412"
},
{
"category": "external",
"summary": "SUSE Bug 1261579 for CVE-2026-23412",
"url": "https://bugzilla.suse.com/1261579"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-23412"
},
{
"cve": "CVE-2026-23413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclsact: Fix use-after-free in init/destroy rollback asymmetry\n\nFix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry.\nThe latter is achieved by first fully initializing a clsact instance, and\nthen in a second step having a replacement failure for the new clsact qdisc\ninstance. clsact_init() initializes ingress first and then takes care of the\negress part. This can fail midway, for example, via tcf_block_get_ext(). Upon\nfailure, the kernel will trigger the clsact_destroy() callback.\n\nCommit 1cb6f0bae504 (\"bpf: Fix too early release of tcx_entry\") details the\nway how the transition is happening. If tcf_block_get_ext on the q-\u003eingress_block\nends up failing, we took the tcx_miniq_inc reference count on the ingress\nside, but not yet on the egress side. clsact_destroy() tests whether the\n{ingress,egress}_entry was non-NULL. However, even in midway failure on the\nreplacement, both are in fact non-NULL with a valid egress_entry from the\nprevious clsact instance.\n\nWhat we really need to test for is whether the qdisc instance-specific ingress\nor egress side previously got initialized. This adds a small helper for checking\nthe miniq initialization called mini_qdisc_pair_inited, and utilizes that upon\nclsact_destroy() in order to fix the use-after-free scenario. Convert the\ningress_destroy() side as well so both are consistent to each other.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23413",
"url": "https://www.suse.com/security/cve/CVE-2026-23413"
},
{
"category": "external",
"summary": "SUSE Bug 1261498 for CVE-2026-23413",
"url": "https://bugzilla.suse.com/1261498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23413"
},
{
"cve": "CVE-2026-23414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(\u0026ctx-\u003easync_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg\u0027s drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23414",
"url": "https://www.suse.com/security/cve/CVE-2026-23414"
},
{
"category": "external",
"summary": "SUSE Bug 1261496 for CVE-2026-23414",
"url": "https://bugzilla.suse.com/1261496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23414"
},
{
"cve": "CVE-2026-23419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix circular locking dependency in rds_tcp_tune\n\nsyzbot reported a circular locking dependency in rds_tcp_tune() where\nsk_net_refcnt_upgrade() is called while holding the socket lock:\n\n======================================================\nWARNING: possible circular locking dependency detected\n======================================================\nkworker/u10:8/15040 is trying to acquire lock:\nffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},\nat: __kmalloc_cache_noprof+0x4b/0x6f0\n\nbut task is already holding lock:\nffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},\nat: rds_tcp_tune+0xd7/0x930\n\nThe issue occurs because sk_net_refcnt_upgrade() performs memory\nallocation (via get_net_track() -\u003e ref_tracker_alloc()) while the\nsocket lock is held, creating a circular dependency with fs_reclaim.\n\nFix this by moving sk_net_refcnt_upgrade() outside the socket lock\ncritical section. This is safe because the fields modified by the\nsk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not\naccessed by any concurrent code path at this point.\n\nv2:\n - Corrected fixes tag\n - check patch line wrap nits\n - ai commentary nits",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23419",
"url": "https://www.suse.com/security/cve/CVE-2026-23419"
},
{
"category": "external",
"summary": "SUSE Bug 1261507 for CVE-2026-23419",
"url": "https://bugzilla.suse.com/1261507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "moderate"
}
],
"title": "CVE-2026-23419"
},
{
"cve": "CVE-2026-31788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn\u0027t ready yet (Jan Beulich)\n- wait in open() if target domain isn\u0027t known yet\n- issue message in case no target domain found (Jan Beulich)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31788",
"url": "https://www.suse.com/security/cve/CVE-2026-31788"
},
{
"category": "external",
"summary": "SUSE Bug 1259707 for CVE-2026-31788",
"url": "https://bugzilla.suse.com/1259707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.aarch64",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.aarch64",
"SUSE Linux Micro 6.0:kernel-default-base-6.4.0-41.1.21.18.x86_64",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.s390x",
"SUSE Linux Micro 6.0:kernel-default-livepatch-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-devel-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-kvmsmall-6.4.0-41.1.x86_64",
"SUSE Linux Micro 6.0:kernel-macros-6.4.0-41.1.noarch",
"SUSE Linux Micro 6.0:kernel-source-6.4.0-41.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-13T18:28:29Z",
"details": "important"
}
],
"title": "CVE-2026-31788"
}
]
}
SUSE-SU-2026:21237-1
Vulnerability from csaf_suse - Published: 2026-04-20 15:44 - Updated: 2026-04-20 15:44Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
- CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
- CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
- CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
- CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
- CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
- CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).
The following non security issues were fixed:
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
- KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
- Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
- Update config files (bsc#1254307).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
- bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
- bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
- btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
- firmware: microchip: fail auto-update probe if no flash found (git-fixes).
- kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
- nvme: expose active quirks in sysfs (bsc#1243208).
- nvme: fix memory leak in quirks_param_set() (bsc#1243208).
- powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
- scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
- scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
- scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
- scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
- scsi: fnic: Add stats and related functionality (jsc#PED-15441).
- scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
- scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
- scsi: fnic: Code cleanup (jsc#PED-15441).
- scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
- scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
- scsi: fnic: Increment driver version (jsc#PED-15441).
- scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
- scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
- scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
- scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
- scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
- scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
- scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
- scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
- scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
- scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
- scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
- selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
- tg3: Fix race for querying speed/duplex (bsc#1257183).
- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
Patchnames: SUSE-SL-Micro-6.2-596
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.8 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.1 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.9 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.7 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.3 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).\n- CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).\n- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).\n- CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).\n- CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).\n- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).\n- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).\n- CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).\n- CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).\n- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).\n- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains (bsc#1258330).\n- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).\n- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).\n- CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).\n- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).\n- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).\n- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).\n- CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).\n- CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).\n- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).\n- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).\n- CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).\n- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).\n- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion (bsc#1260009).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).\n- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).\n- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).\n- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).\n- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).\n- CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).\n- CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).\n- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).\n- CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).\n- CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).\n- CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).\n- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).\n- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).\n- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).\n- CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).\n- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).\n- CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).\n- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).\n- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).\n- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).\n- CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).\n- CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).\n- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).\n\nThe following non security issues were fixed:\n\n- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).\n- KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).\n- Revert \"drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129).\"\n- Update config files (bsc#1254307).\n- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).\n- apparmor: fix differential encoding verification (bsc#1258849).\n- apparmor: fix memory leak in verify_header (bsc#1258849).\n- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).\n- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).\n- apparmor: fix race on rawdata dereference (bsc#1258849).\n- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).\n- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).\n- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).\n- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).\n- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).\n- bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).\n- bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).\n- btrfs: only enforce free space tree if v1 cache is required for bs \u003c ps cases (bsc#1260459).\n- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).\n- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).\n- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).\n- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).\n- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).\n- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).\n- firmware: microchip: fail auto-update probe if no flash found (git-fixes).\n- kABI: Include trace recursion bits in kABI tracking (bsc#1258301).\n- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).\n- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).\n- nvme: expose active quirks in sysfs (bsc#1243208).\n- nvme: fix memory leak in quirks_param_set() (bsc#1243208).\n- powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).\n- powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).\n- s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).\n- s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).\n- s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).\n- scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).\n- scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).\n- scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).\n- scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).\n- scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).\n- scsi: fnic: Add stats and related functionality (jsc#PED-15441).\n- scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).\n- scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).\n- scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).\n- scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).\n- scsi: fnic: Code cleanup (jsc#PED-15441).\n- scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).\n- scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).\n- scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).\n- scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).\n- scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).\n- scsi: fnic: Increment driver version (jsc#PED-15441).\n- scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).\n- scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).\n- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).\n- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).\n- scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).\n- scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).\n- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).\n- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).\n- scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).\n- scsi: fnic: Replace fnic-\u003elock_flags with local flags (jsc#PED-15441).\n- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).\n- scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).\n- scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).\n- scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).\n- scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).\n- scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).\n- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).\n- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).\n- scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).\n- selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).\n- selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).\n- tg3: Fix race for querying speed/duplex (bsc#1257183).\n- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SL-Micro-6.2-596",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21237-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21237-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621237-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21237-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045853.html"
},
{
"category": "self",
"summary": "SUSE Bug 1191256",
"url": "https://bugzilla.suse.com/1191256"
},
{
"category": "self",
"summary": "SUSE Bug 1191270",
"url": "https://bugzilla.suse.com/1191270"
},
{
"category": "self",
"summary": "SUSE Bug 1194778",
"url": "https://bugzilla.suse.com/1194778"
},
{
"category": "self",
"summary": "SUSE Bug 1207184",
"url": "https://bugzilla.suse.com/1207184"
},
{
"category": "self",
"summary": "SUSE Bug 1217845",
"url": "https://bugzilla.suse.com/1217845"
},
{
"category": "self",
"summary": "SUSE Bug 1222768",
"url": "https://bugzilla.suse.com/1222768"
},
{
"category": "self",
"summary": "SUSE Bug 1243208",
"url": "https://bugzilla.suse.com/1243208"
},
{
"category": "self",
"summary": "SUSE Bug 1252073",
"url": "https://bugzilla.suse.com/1252073"
},
{
"category": "self",
"summary": "SUSE Bug 1253129",
"url": "https://bugzilla.suse.com/1253129"
},
{
"category": "self",
"summary": "SUSE Bug 1254214",
"url": "https://bugzilla.suse.com/1254214"
},
{
"category": "self",
"summary": "SUSE Bug 1254306",
"url": "https://bugzilla.suse.com/1254306"
},
{
"category": "self",
"summary": "SUSE Bug 1254307",
"url": "https://bugzilla.suse.com/1254307"
},
{
"category": "self",
"summary": "SUSE Bug 1255084",
"url": "https://bugzilla.suse.com/1255084"
},
{
"category": "self",
"summary": "SUSE Bug 1255687",
"url": "https://bugzilla.suse.com/1255687"
},
{
"category": "self",
"summary": "SUSE Bug 1256647",
"url": "https://bugzilla.suse.com/1256647"
},
{
"category": "self",
"summary": "SUSE Bug 1257183",
"url": "https://bugzilla.suse.com/1257183"
},
{
"category": "self",
"summary": "SUSE Bug 1257511",
"url": "https://bugzilla.suse.com/1257511"
},
{
"category": "self",
"summary": "SUSE Bug 1257708",
"url": "https://bugzilla.suse.com/1257708"
},
{
"category": "self",
"summary": "SUSE Bug 1257773",
"url": "https://bugzilla.suse.com/1257773"
},
{
"category": "self",
"summary": "SUSE Bug 1257777",
"url": "https://bugzilla.suse.com/1257777"
},
{
"category": "self",
"summary": "SUSE Bug 1258175",
"url": "https://bugzilla.suse.com/1258175"
},
{
"category": "self",
"summary": "SUSE Bug 1258280",
"url": "https://bugzilla.suse.com/1258280"
},
{
"category": "self",
"summary": "SUSE Bug 1258293",
"url": "https://bugzilla.suse.com/1258293"
},
{
"category": "self",
"summary": "SUSE Bug 1258301",
"url": "https://bugzilla.suse.com/1258301"
},
{
"category": "self",
"summary": "SUSE Bug 1258305",
"url": "https://bugzilla.suse.com/1258305"
},
{
"category": "self",
"summary": "SUSE Bug 1258330",
"url": "https://bugzilla.suse.com/1258330"
},
{
"category": "self",
"summary": "SUSE Bug 1258337",
"url": "https://bugzilla.suse.com/1258337"
},
{
"category": "self",
"summary": "SUSE Bug 1258340",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "self",
"summary": "SUSE Bug 1258414",
"url": "https://bugzilla.suse.com/1258414"
},
{
"category": "self",
"summary": "SUSE Bug 1258447",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "self",
"summary": "SUSE Bug 1258476",
"url": "https://bugzilla.suse.com/1258476"
},
{
"category": "self",
"summary": "SUSE Bug 1258849",
"url": "https://bugzilla.suse.com/1258849"
},
{
"category": "self",
"summary": "SUSE Bug 1259188",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "self",
"summary": "SUSE Bug 1259461",
"url": "https://bugzilla.suse.com/1259461"
},
{
"category": "self",
"summary": "SUSE Bug 1259484",
"url": "https://bugzilla.suse.com/1259484"
},
{
"category": "self",
"summary": "SUSE Bug 1259485",
"url": "https://bugzilla.suse.com/1259485"
},
{
"category": "self",
"summary": "SUSE Bug 1259580",
"url": "https://bugzilla.suse.com/1259580"
},
{
"category": "self",
"summary": "SUSE Bug 1259707",
"url": "https://bugzilla.suse.com/1259707"
},
{
"category": "self",
"summary": "SUSE Bug 1259759",
"url": "https://bugzilla.suse.com/1259759"
},
{
"category": "self",
"summary": "SUSE Bug 1259795",
"url": "https://bugzilla.suse.com/1259795"
},
{
"category": "self",
"summary": "SUSE Bug 1259797",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "self",
"summary": "SUSE Bug 1259870",
"url": "https://bugzilla.suse.com/1259870"
},
{
"category": "self",
"summary": "SUSE Bug 1259886",
"url": "https://bugzilla.suse.com/1259886"
},
{
"category": "self",
"summary": "SUSE Bug 1259891",
"url": "https://bugzilla.suse.com/1259891"
},
{
"category": "self",
"summary": "SUSE Bug 1259955",
"url": "https://bugzilla.suse.com/1259955"
},
{
"category": "self",
"summary": "SUSE Bug 1259997",
"url": "https://bugzilla.suse.com/1259997"
},
{
"category": "self",
"summary": "SUSE Bug 1259998",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "self",
"summary": "SUSE Bug 1260005",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "self",
"summary": "SUSE Bug 1260009",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "self",
"summary": "SUSE Bug 1260347",
"url": "https://bugzilla.suse.com/1260347"
},
{
"category": "self",
"summary": "SUSE Bug 1260459",
"url": "https://bugzilla.suse.com/1260459"
},
{
"category": "self",
"summary": "SUSE Bug 1260464",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "self",
"summary": "SUSE Bug 1260471",
"url": "https://bugzilla.suse.com/1260471"
},
{
"category": "self",
"summary": "SUSE Bug 1260481",
"url": "https://bugzilla.suse.com/1260481"
},
{
"category": "self",
"summary": "SUSE Bug 1260486",
"url": "https://bugzilla.suse.com/1260486"
},
{
"category": "self",
"summary": "SUSE Bug 1260490",
"url": "https://bugzilla.suse.com/1260490"
},
{
"category": "self",
"summary": "SUSE Bug 1260497",
"url": "https://bugzilla.suse.com/1260497"
},
{
"category": "self",
"summary": "SUSE Bug 1260500",
"url": "https://bugzilla.suse.com/1260500"
},
{
"category": "self",
"summary": "SUSE Bug 1260522",
"url": "https://bugzilla.suse.com/1260522"
},
{
"category": "self",
"summary": "SUSE Bug 1260527",
"url": "https://bugzilla.suse.com/1260527"
},
{
"category": "self",
"summary": "SUSE Bug 1260544",
"url": "https://bugzilla.suse.com/1260544"
},
{
"category": "self",
"summary": "SUSE Bug 1260550",
"url": "https://bugzilla.suse.com/1260550"
},
{
"category": "self",
"summary": "SUSE Bug 1260606",
"url": "https://bugzilla.suse.com/1260606"
},
{
"category": "self",
"summary": "SUSE Bug 1260730",
"url": "https://bugzilla.suse.com/1260730"
},
{
"category": "self",
"summary": "SUSE Bug 1260732",
"url": "https://bugzilla.suse.com/1260732"
},
{
"category": "self",
"summary": "SUSE Bug 1260735",
"url": "https://bugzilla.suse.com/1260735"
},
{
"category": "self",
"summary": "SUSE Bug 1260799",
"url": "https://bugzilla.suse.com/1260799"
},
{
"category": "self",
"summary": "SUSE Bug 1261496",
"url": "https://bugzilla.suse.com/1261496"
},
{
"category": "self",
"summary": "SUSE Bug 1261498",
"url": "https://bugzilla.suse.com/1261498"
},
{
"category": "self",
"summary": "SUSE Bug 1261506",
"url": "https://bugzilla.suse.com/1261506"
},
{
"category": "self",
"summary": "SUSE Bug 1261507",
"url": "https://bugzilla.suse.com/1261507"
},
{
"category": "self",
"summary": "SUSE Bug 1261669",
"url": "https://bugzilla.suse.com/1261669"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-39998 page",
"url": "https://www.suse.com/security/cve/CVE-2025-39998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-40253 page",
"url": "https://www.suse.com/security/cve/CVE-2025-40253/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68794 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68794/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-71239 page",
"url": "https://www.suse.com/security/cve/CVE-2025-71239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23072 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23072/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23103 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23103/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23120 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23125 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23125/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23138 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23138/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23140 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23140/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23187 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23187/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23193 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23201 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23204 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23215 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23215/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23216 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23216/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23231 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23239 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23239/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23240 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23240/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23242 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23242/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23255 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23255/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23262 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23262/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23270 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23270/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23272 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23272/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23277 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23277/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23278 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23278/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23281 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23292 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23292/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23293 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23293/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23297 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23304 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23304/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23319 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23319/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23326 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23326/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23335 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23343 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23343/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23361 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23379 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23381 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23381/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23383 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23383/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23386 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23393 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23393/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23398 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23398/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23413 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23413/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23414 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23414/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23419 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23419/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23425 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23425/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31788 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31788/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-04-20T15:44:52Z",
"generator": {
"date": "2026-04-20T15:44:52Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21237-1",
"initial_release_date": "2026-04-20T15:44:52Z",
"revision_history": [
{
"date": "2026-04-20T15:44:52Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-64kb-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-64kb-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-64kb-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-64kb-devel-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-default-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-default-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"product": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"product_id": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-default-devel-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-default-extra-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-rt-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-rt-6.12.0-160000.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"product_id": "kernel-rt-devel-6.12.0-160000.28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.12.0-160000.28.1.noarch",
"product": {
"name": "kernel-devel-6.12.0-160000.28.1.noarch",
"product_id": "kernel-devel-6.12.0-160000.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.12.0-160000.28.1.noarch",
"product": {
"name": "kernel-macros-6.12.0-160000.28.1.noarch",
"product_id": "kernel-macros-6.12.0-160000.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-6.12.0-160000.28.1.noarch",
"product": {
"name": "kernel-source-6.12.0-160000.28.1.noarch",
"product_id": "kernel-source-6.12.0-160000.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.28.1.ppc64le",
"product": {
"name": "kernel-default-6.12.0-160000.28.1.ppc64le",
"product_id": "kernel-default-6.12.0-160000.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"product": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"product_id": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"product": {
"name": "kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"product_id": "kernel-default-devel-6.12.0-160000.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"product": {
"name": "kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"product_id": "kernel-default-extra-6.12.0-160000.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"product_id": "kernel-default-livepatch-6.12.0-160000.28.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.28.1.s390x",
"product": {
"name": "kernel-default-6.12.0-160000.28.1.s390x",
"product_id": "kernel-default-6.12.0-160000.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.28.1.s390x",
"product": {
"name": "kernel-default-devel-6.12.0-160000.28.1.s390x",
"product_id": "kernel-default-devel-6.12.0-160000.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.28.1.s390x",
"product": {
"name": "kernel-default-extra-6.12.0-160000.28.1.s390x",
"product_id": "kernel-default-extra-6.12.0-160000.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"product_id": "kernel-default-livepatch-6.12.0-160000.28.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-default-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-default-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"product": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"product_id": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-default-devel-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-default-devel-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-default-extra-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-default-extra-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-default-livepatch-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-rt-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-rt-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-rt-devel-6.12.0-160000.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"product_id": "kernel-rt-livepatch-6.12.0-160000.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-64kb-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-64kb-devel-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-default-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.28.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le"
},
"product_reference": "kernel-default-6.12.0-160000.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.28.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x"
},
"product_reference": "kernel-default-6.12.0-160000.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-default-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64"
},
"product_reference": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le"
},
"product_reference": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64"
},
"product_reference": "kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.28.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le"
},
"product_reference": "kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.28.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x"
},
"product_reference": "kernel-default-devel-6.12.0-160000.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-default-devel-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.28.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le"
},
"product_reference": "kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.28.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x"
},
"product_reference": "kernel-default-extra-6.12.0-160000.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-default-extra-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.ppc64le as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.s390x as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.12.0-160000.28.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch"
},
"product_reference": "kernel-devel-6.12.0-160000.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.12.0-160000.28.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch"
},
"product_reference": "kernel-macros-6.12.0-160000.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-rt-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-rt-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.28.1.aarch64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-livepatch-6.12.0-160000.28.1.x86_64 as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64"
},
"product_reference": "kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.12.0-160000.28.1.noarch as component of SUSE Linux Micro 6.2",
"product_id": "SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
},
"product_reference": "kernel-source-6.12.0-160000.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Micro 6.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-39998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-39998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-39998",
"url": "https://www.suse.com/security/cve/CVE-2025-39998"
},
{
"category": "external",
"summary": "SUSE Bug 1252073 for CVE-2025-39998",
"url": "https://bugzilla.suse.com/1252073"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-39998"
},
{
"cve": "CVE-2025-40253",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-40253"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/ctcm: Fix double-kfree\n\nThe function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027 is called conditionally\nfrom function \u0027ctcmpc_unpack_skb\u0027. It frees passed mpcginfo.\nAfter that a call to function \u0027kfree\u0027 in function \u0027ctcmpc_unpack_skb\u0027\nfrees it again.\n\nRemove \u0027kfree\u0027 call in function \u0027mpc_rcvd_sweep_req(mpcginfo)\u0027.\n\nBug detected by the clang static analyzer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-40253",
"url": "https://www.suse.com/security/cve/CVE-2025-40253"
},
{
"category": "external",
"summary": "SUSE Bug 1255084 for CVE-2025-40253",
"url": "https://bugzilla.suse.com/1255084"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-40253"
},
{
"cve": "CVE-2025-68794",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68794"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68794",
"url": "https://www.suse.com/security/cve/CVE-2025-68794"
},
{
"category": "external",
"summary": "SUSE Bug 1256647 for CVE-2025-68794",
"url": "https://bugzilla.suse.com/1256647"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2025-68794"
},
{
"cve": "CVE-2025-71239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-71239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naudit: add fchmodat2() to change attributes class\n\nfchmodat2(), introduced in version 6.6 is currently not in the change\nattribute class of audit. Calling fchmodat2() to change a file\nattribute in the same fashion than chmod() or fchmodat() will bypass\naudit rules such as:\n\n-w /tmp/test -p rwa -k test_rwa\n\nThe current patch adds fchmodat2() to the change attributes class.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-71239",
"url": "https://www.suse.com/security/cve/CVE-2025-71239"
},
{
"category": "external",
"summary": "SUSE Bug 1259759 for CVE-2025-71239",
"url": "https://bugzilla.suse.com/1259759"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "low"
}
],
"title": "CVE-2025-71239"
},
{
"cve": "CVE-2026-23072",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23072"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: Fix memleak in l2tp_udp_encap_recv().\n\nsyzbot reported memleak of struct l2tp_session, l2tp_tunnel,\nsock, etc. [0]\n\nThe cited commit moved down the validation of the protocol\nversion in l2tp_udp_encap_recv().\n\nThe new place requires an extra error handling to avoid the\nmemleak.\n\nLet\u0027s call l2tp_session_put() there.\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff88810a290200 (size 512):\n comm \"syz.0.17\", pid 6086, jiffies 4294944299\n hex dump (first 32 bytes):\n 7d eb 04 0c 00 00 00 00 01 00 00 00 00 00 00 00 }...............\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc babb6a4f):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4958 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n __do_kmalloc_node mm/slub.c:5656 [inline]\n __kmalloc_noprof+0x3e0/0x660 mm/slub.c:5669\n kmalloc_noprof include/linux/slab.h:961 [inline]\n kzalloc_noprof include/linux/slab.h:1094 [inline]\n l2tp_session_create+0x3a/0x3b0 net/l2tp/l2tp_core.c:1778\n pppol2tp_connect+0x48b/0x920 net/l2tp/l2tp_ppp.c:755\n __sys_connect_file+0x7a/0xb0 net/socket.c:2089\n __sys_connect+0xde/0x110 net/socket.c:2108\n __do_sys_connect net/socket.c:2114 [inline]\n __se_sys_connect net/socket.c:2111 [inline]\n __x64_sys_connect+0x1c/0x30 net/socket.c:2111\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23072",
"url": "https://www.suse.com/security/cve/CVE-2026-23072"
},
{
"category": "external",
"summary": "SUSE Bug 1257708 for CVE-2026-23072",
"url": "https://bugzilla.suse.com/1257708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23072"
},
{
"cve": "CVE-2026-23103",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23103"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Make the addrs_lock be per port\n\nMake the addrs_lock be per port, not per ipvlan dev.\n\nInitial code seems to be written in the assumption,\nthat any address change must occur under RTNL.\nBut it is not so for the case of IPv6. So\n\n1) Introduce per-port addrs_lock.\n\n2) It was needed to fix places where it was forgotten\nto take lock (ipvlan_open/ipvlan_close)\n\nThis appears to be a very minor problem though.\nSince it\u0027s highly unlikely that ipvlan_add_addr() will\nbe called on 2 CPU simultaneously. But nevertheless,\nthis could cause:\n\n1) False-negative of ipvlan_addr_busy(): one interface\niterated through all port-\u003eipvlans + ipvlan-\u003eaddrs\nunder some ipvlan spinlock, and another added IP\nunder its own lock. Though this is only possible\nfor IPv6, since looks like only ipvlan_addr6_event() can be\ncalled without rtnl_lock.\n\n2) Race since ipvlan_ht_addr_add(port) is called under\ndifferent ipvlan-\u003eaddrs_lock locks\n\nThis should not affect performance, since add/remove IP\nis a rare situation and spinlock is not taken on fast\npaths.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23103",
"url": "https://www.suse.com/security/cve/CVE-2026-23103"
},
{
"category": "external",
"summary": "SUSE Bug 1257773 for CVE-2026-23103",
"url": "https://bugzilla.suse.com/1257773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23103"
},
{
"cve": "CVE-2026-23120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk-\u003esk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n sk_set_socket include/net/sock.h:2092 [inline]\n sock_orphan include/net/sock.h:2118 [inline]\n sk_common_release+0xae/0x230 net/core/sock.c:4003\n udp_lib_close+0x15/0x20 include/net/udp.h:325\n inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n __sock_release net/socket.c:662 [inline]\n sock_close+0x6b/0x150 net/socket.c:1455\n __fput+0x29b/0x650 fs/file_table.c:468\n ____fput+0x1c/0x30 fs/file_table.c:496\n task_work_run+0x131/0x1a0 kernel/task_work.c:233\n resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n process_one_work kernel/workqueue.c:3257 [inline]\n process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n worker_thread+0x582/0x770 kernel/workqueue.c:3421\n kthread+0x489/0x510 kernel/kthread.c:463\n ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -\u003e 0x0000000000000000",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23120",
"url": "https://www.suse.com/security/cve/CVE-2026-23120"
},
{
"category": "external",
"summary": "SUSE Bug 1258280 for CVE-2026-23120",
"url": "https://bugzilla.suse.com/1258280"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23120"
},
{
"cve": "CVE-2026-23125",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23125"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT\n\nA null-ptr-deref was reported in the SCTP transmit path when SCTP-AUTH key\ninitialization fails:\n\n ==================================================================\n KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n CPU: 0 PID: 16 Comm: ksoftirqd/0 Tainted: G W 6.6.0 #2\n RIP: 0010:sctp_packet_bundle_auth net/sctp/output.c:264 [inline]\n RIP: 0010:sctp_packet_append_chunk+0xb36/0x1260 net/sctp/output.c:401\n Call Trace:\n\n sctp_packet_transmit_chunk+0x31/0x250 net/sctp/output.c:189\n sctp_outq_flush_data+0xa29/0x26d0 net/sctp/outqueue.c:1111\n sctp_outq_flush+0xc80/0x1240 net/sctp/outqueue.c:1217\n sctp_cmd_interpreter.isra.0+0x19a5/0x62c0 net/sctp/sm_sideeffect.c:1787\n sctp_side_effects net/sctp/sm_sideeffect.c:1198 [inline]\n sctp_do_sm+0x1a3/0x670 net/sctp/sm_sideeffect.c:1169\n sctp_assoc_bh_rcv+0x33e/0x640 net/sctp/associola.c:1052\n sctp_inq_push+0x1dd/0x280 net/sctp/inqueue.c:88\n sctp_rcv+0x11ae/0x3100 net/sctp/input.c:243\n sctp6_rcv+0x3d/0x60 net/sctp/ipv6.c:1127\n\nThe issue is triggered when sctp_auth_asoc_init_active_key() fails in\nsctp_sf_do_5_1C_ack() while processing an INIT_ACK. In this case, the\ncommand sequence is currently:\n\n- SCTP_CMD_PEER_INIT\n- SCTP_CMD_TIMER_STOP (T1_INIT)\n- SCTP_CMD_TIMER_START (T1_COOKIE)\n- SCTP_CMD_NEW_STATE (COOKIE_ECHOED)\n- SCTP_CMD_ASSOC_SHKEY\n- SCTP_CMD_GEN_COOKIE_ECHO\n\nIf SCTP_CMD_ASSOC_SHKEY fails, asoc-\u003eshkey remains NULL, while\nasoc-\u003epeer.auth_capable and asoc-\u003epeer.peer_chunks have already been set by\nSCTP_CMD_PEER_INIT. This allows a DATA chunk with auth = 1 and shkey = NULL\nto be queued by sctp_datamsg_from_user().\n\nSince command interpretation stops on failure, no COOKIE_ECHO should been\nsent via SCTP_CMD_GEN_COOKIE_ECHO. However, the T1_COOKIE timer has already\nbeen started, and it may enqueue a COOKIE_ECHO into the outqueue later. As\na result, the DATA chunk can be transmitted together with the COOKIE_ECHO\nin sctp_outq_flush_data(), leading to the observed issue.\n\nSimilar to the other places where it calls sctp_auth_asoc_init_active_key()\nright after sctp_process_init(), this patch moves the SCTP_CMD_ASSOC_SHKEY\nimmediately after SCTP_CMD_PEER_INIT, before stopping T1_INIT and starting\nT1_COOKIE. This ensures that if shared key generation fails, authenticated\nDATA cannot be sent. It also allows the T1_INIT timer to retransmit INIT,\ngiving the client another chance to process INIT_ACK and retry key setup.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23125",
"url": "https://www.suse.com/security/cve/CVE-2026-23125"
},
{
"category": "external",
"summary": "SUSE Bug 1258293 for CVE-2026-23125",
"url": "https://bugzilla.suse.com/1258293"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23125"
},
{
"cve": "CVE-2026-23138",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23138"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Add recursion protection in kernel stack trace recording\n\nA bug was reported about an infinite recursion caused by tracing the rcu\nevents with the kernel stack trace trigger enabled. The stack trace code\ncalled back into RCU which then called the stack trace again.\n\nExpand the ftrace recursion protection to add a set of bits to protect\nevents from recursion. Each bit represents the context that the event is\nin (normal, softirq, interrupt and NMI).\n\nHave the stack trace code use the interrupt context to protect against\nrecursion.\n\nNote, the bug showed an issue in both the RCU code as well as the tracing\nstacktrace code. This only handles the tracing stack trace side of the\nbug. The RCU fix will be handled separately.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23138",
"url": "https://www.suse.com/security/cve/CVE-2026-23138"
},
{
"category": "external",
"summary": "SUSE Bug 1258301 for CVE-2026-23138",
"url": "https://bugzilla.suse.com/1258301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23138"
},
{
"cve": "CVE-2026-23140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23140"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Subtract size of xdp_frame from allowed metadata size\n\nThe xdp_frame structure takes up part of the XDP frame headroom,\nlimiting the size of the metadata. However, in bpf_test_run, we don\u0027t\ntake this into account, which makes it possible for userspace to supply\na metadata size that is too large (taking up the entire headroom).\n\nIf userspace supplies such a large metadata size in live packet mode,\nthe xdp_update_frame_from_buff() call in xdp_test_run_init_page() call\nwill fail, after which packet transmission proceeds with an\nuninitialised frame structure, leading to the usual Bad Stuff.\n\nThe commit in the Fixes tag fixed a related bug where the second check\nin xdp_update_frame_from_buff() could fail, but did not add any\nadditional constraints on the metadata size. Complete the fix by adding\nan additional check on the metadata size. Reorder the checks slightly to\nmake the logic clearer and add a comment.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23140",
"url": "https://www.suse.com/security/cve/CVE-2026-23140"
},
{
"category": "external",
"summary": "SUSE Bug 1258305 for CVE-2026-23140",
"url": "https://bugzilla.suse.com/1258305"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23140"
},
{
"cve": "CVE-2026-23187",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23187"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23187",
"url": "https://www.suse.com/security/cve/CVE-2026-23187"
},
{
"category": "external",
"summary": "SUSE Bug 1258330 for CVE-2026-23187",
"url": "https://bugzilla.suse.com/1258330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23187"
},
{
"cve": "CVE-2026-23193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23193"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23193",
"url": "https://www.suse.com/security/cve/CVE-2026-23193"
},
{
"category": "external",
"summary": "SUSE Bug 1258414 for CVE-2026-23193",
"url": "https://bugzilla.suse.com/1258414"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23193"
},
{
"cve": "CVE-2026-23201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23201"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix oops due to invalid pointer for kfree() in parse_longname()\n\nThis fixes a kernel oops when reading ceph snapshot directories (.snap),\nfor example by simply running `ls /mnt/my_ceph/.snap`.\n\nThe variable str is guarded by __free(kfree), but advanced by one for\nskipping the initial \u0027_\u0027 in snapshot names. Thus, kfree() is called\nwith an invalid pointer. This patch removes the need for advancing the\npointer so kfree() is called with correct memory pointer.\n\nSteps to reproduce:\n\n1. Create snapshots on a cephfs volume (I\u0027ve 63 snaps in my testcase)\n\n2. Add cephfs mount to fstab\n$ echo \"samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6 /mnt/test/stuff ceph acl,noatime,_netdev 0 0\" \u003e\u003e /etc/fstab\n\n3. Reboot the system\n$ systemctl reboot\n\n4. Check if it\u0027s really mounted\n$ mount | grep stuff\n\n5. List snapshots (expected 63 snapshots on my system)\n$ ls /mnt/test/stuff/.snap\n\nNow ls hangs forever and the kernel log shows the oops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23201",
"url": "https://www.suse.com/security/cve/CVE-2026-23201"
},
{
"category": "external",
"summary": "SUSE Bug 1258337 for CVE-2026-23201",
"url": "https://bugzilla.suse.com/1258337"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23201"
},
{
"cve": "CVE-2026-23204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23204"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: cls_u32: use skb_header_pointer_careful()\n\nskb_header_pointer() does not fully validate negative @offset values.\n\nUse skb_header_pointer_careful() instead.\n\nGangMin Kim provided a report and a repro fooling u32_classify():\n\nBUG: KASAN: slab-out-of-bounds in u32_classify+0x1180/0x11b0\nnet/sched/cls_u32.c:221",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23204",
"url": "https://www.suse.com/security/cve/CVE-2026-23204"
},
{
"category": "external",
"summary": "SUSE Bug 1258340 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1258340"
},
{
"category": "external",
"summary": "SUSE Bug 1259126 for CVE-2026-23204",
"url": "https://bugzilla.suse.com/1259126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23204"
},
{
"cve": "CVE-2026-23215",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23215"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmware: Fix hypercall clobbers\n\nFedora QA reported the following panic:\n\n BUG: unable to handle page fault for address: 0000000040003e54\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025\n RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90\n ..\n Call Trace:\n vmmouse_report_events+0x13e/0x1b0\n psmouse_handle_byte+0x15/0x60\n ps2_interrupt+0x8a/0xd0\n ...\n\nbecause the QEMU VMware mouse emulation is buggy, and clears the top 32\nbits of %rdi that the kernel kept a pointer in.\n\nThe QEMU vmmouse driver saves and restores the register state in a\n\"uint32_t data[6];\" and as a result restores the state with the high\nbits all cleared.\n\nRDI originally contained the value of a valid kernel stack address\n(0xff5eeb3240003e54). After the vmware hypercall it now contains\n0x40003e54, and we get a page fault as a result when it is dereferenced.\n\nThe proper fix would be in QEMU, but this works around the issue in the\nkernel to keep old setups working, when old kernels had not happened to\nkeep any state in %rdi over the hypercall.\n\nIn theory this same issue exists for all the hypercalls in the vmmouse\ndriver; in practice it has only been seen with vmware_hypercall3() and\nvmware_hypercall4(). For now, just mark RDI/RSI as clobbered for those\ntwo calls. This should have a minimal effect on code generation overall\nas it should be rare for the compiler to want to make RDI/RSI live\nacross hypercalls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23215",
"url": "https://www.suse.com/security/cve/CVE-2026-23215"
},
{
"category": "external",
"summary": "SUSE Bug 1258476 for CVE-2026-23215",
"url": "https://bugzilla.suse.com/1258476"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23215"
},
{
"cve": "CVE-2026-23216",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23216"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23216",
"url": "https://www.suse.com/security/cve/CVE-2026-23216"
},
{
"category": "external",
"summary": "SUSE Bug 1258447 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258447"
},
{
"category": "external",
"summary": "SUSE Bug 1258448 for CVE-2026-23216",
"url": "https://bugzilla.suse.com/1258448"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23216"
},
{
"cve": "CVE-2026-23231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23231"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n under rcu_read_lock(). A concurrent dump can still be walking\n the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n installs the IPv4 hook before IPv6 registration fails. Packets\n entering nft_do_chain() via the transient IPv4 hook can still be\n dereferencing chain-\u003eblob_gen_X when the error path frees the\n chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23231",
"url": "https://www.suse.com/security/cve/CVE-2026-23231"
},
{
"category": "external",
"summary": "SUSE Bug 1259188 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259188"
},
{
"category": "external",
"summary": "SUSE Bug 1259189 for CVE-2026-23231",
"url": "https://bugzilla.suse.com/1259189"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23231"
},
{
"cve": "CVE-2026-23239",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23239"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nespintcp: Fix race condition in espintcp_close()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_work_sync() is called from espintcp_close(),\nespintcp_tx_work() can still be scheduled from paths such as\nthe Delayed ACK handler or ksoftirqd.\nAs a result, the espintcp_tx_work() worker may dereference a\nfreed espintcp ctx or sk.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\n espintcp_close()\n cancel_work_sync(\u0026ctx-\u003ework);\n espintcp_write_space()\n schedule_work(\u0026ctx-\u003ework);\n\nTo prevent this race condition, cancel_work_sync() is\nreplaced with disable_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23239",
"url": "https://www.suse.com/security/cve/CVE-2026-23239"
},
{
"category": "external",
"summary": "SUSE Bug 1259485 for CVE-2026-23239",
"url": "https://bugzilla.suse.com/1259485"
},
{
"category": "external",
"summary": "SUSE Bug 1262405 for CVE-2026-23239",
"url": "https://bugzilla.suse.com/1262405"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23239"
},
{
"cve": "CVE-2026-23240",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23240"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Fix race condition in tls_sw_cancel_work_tx()\n\nThis issue was discovered during a code audit.\n\nAfter cancel_delayed_work_sync() is called from tls_sk_proto_close(),\ntx_work_handler() can still be scheduled from paths such as the\nDelayed ACK handler or ksoftirqd.\nAs a result, the tx_work_handler() worker may dereference a freed\nTLS object.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\ntls_sk_proto_close()\n tls_sw_cancel_work_tx()\n tls_write_space()\n tls_sw_write_space()\n if (!test_and_set_bit(BIT_TX_SCHEDULED, \u0026tx_ctx-\u003etx_bitmask))\n set_bit(BIT_TX_SCHEDULED, \u0026ctx-\u003etx_bitmask);\n cancel_delayed_work_sync(\u0026ctx-\u003etx_work.work);\n schedule_delayed_work(\u0026tx_ctx-\u003etx_work.work, 0);\n\nTo prevent this race condition, cancel_delayed_work_sync() is\nreplaced with disable_delayed_work_sync().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23240",
"url": "https://www.suse.com/security/cve/CVE-2026-23240"
},
{
"category": "external",
"summary": "SUSE Bug 1259484 for CVE-2026-23240",
"url": "https://bugzilla.suse.com/1259484"
},
{
"category": "external",
"summary": "SUSE Bug 1262404 for CVE-2026-23240",
"url": "https://bugzilla.suse.com/1262404"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23240"
},
{
"cve": "CVE-2026-23242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23242"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[ 101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[ 101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23242",
"url": "https://www.suse.com/security/cve/CVE-2026-23242"
},
{
"category": "external",
"summary": "SUSE Bug 1259795 for CVE-2026-23242",
"url": "https://bugzilla.suse.com/1259795"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23242"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23255",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23255"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23255",
"url": "https://www.suse.com/security/cve/CVE-2026-23255"
},
{
"category": "external",
"summary": "SUSE Bug 1259891 for CVE-2026-23255",
"url": "https://bugzilla.suse.com/1259891"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23255"
},
{
"cve": "CVE-2026-23262",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23262"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: Fix stats report corruption on queue count change\n\nThe driver and the NIC share a region in memory for stats reporting.\nThe NIC calculates its offset into this region based on the total size\nof the stats region and the size of the NIC\u0027s stats.\n\nWhen the number of queues is changed, the driver\u0027s stats region is\nresized. If the queue count is increased, the NIC can write past\nthe end of the allocated stats region, causing memory corruption.\nIf the queue count is decreased, there is a gap between the driver\nand NIC stats, leading to incorrect stats reporting.\n\nThis change fixes the issue by allocating stats region with maximum\nsize, and the offset calculation for NIC stats is changed to match\nwith the calculation of the NIC.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23262",
"url": "https://www.suse.com/security/cve/CVE-2026-23262"
},
{
"category": "external",
"summary": "SUSE Bug 1259870 for CVE-2026-23262",
"url": "https://bugzilla.suse.com/1259870"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23262"
},
{
"cve": "CVE-2026-23270",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23270"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it\u0027s still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23270",
"url": "https://www.suse.com/security/cve/CVE-2026-23270"
},
{
"category": "external",
"summary": "SUSE Bug 1259886 for CVE-2026-23270",
"url": "https://bugzilla.suse.com/1259886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23270"
},
{
"cve": "CVE-2026-23272",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23272"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23272",
"url": "https://www.suse.com/security/cve/CVE-2026-23272"
},
{
"category": "external",
"summary": "SUSE Bug 1260009 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260009"
},
{
"category": "external",
"summary": "SUSE Bug 1260909 for CVE-2026-23272",
"url": "https://bugzilla.suse.com/1260909"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23272"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23277",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23277"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n \u003cTASK\u003e\n ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n __gre_xmit (net/ipv4/ip_gre.c:478)\n gre_tap_xmit (net/ipv4/ip_gre.c:779)\n teql_master_xmit (net/sched/sch_teql.c:319)\n dev_hard_start_xmit (net/core/dev.c:3887)\n sch_direct_xmit (net/sched/sch_generic.c:347)\n __dev_queue_xmit (net/core/dev.c:4802)\n neigh_direct_output (net/core/neighbour.c:1660)\n ip_finish_output2 (net/ipv4/ip_output.c:237)\n __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n ip_mc_output (net/ipv4/ip_output.c:369)\n ip_send_skb (net/ipv4/ip_output.c:1508)\n udp_send_skb (net/ipv4/udp.c:1195)\n udp_sendmsg (net/ipv4/udp.c:1485)\n inet_sendmsg (net/ipv4/af_inet.c:859)\n __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23277",
"url": "https://www.suse.com/security/cve/CVE-2026-23277"
},
{
"category": "external",
"summary": "SUSE Bug 1259997 for CVE-2026-23277",
"url": "https://bugzilla.suse.com/1259997"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23277"
},
{
"cve": "CVE-2026-23278",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23278"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23278",
"url": "https://www.suse.com/security/cve/CVE-2026-23278"
},
{
"category": "external",
"summary": "SUSE Bug 1259998 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1259998"
},
{
"category": "external",
"summary": "SUSE Bug 1260907 for CVE-2026-23278",
"url": "https://bugzilla.suse.com/1260907"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23278"
},
{
"cve": "CVE-2026-23281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23281"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23281",
"url": "https://www.suse.com/security/cve/CVE-2026-23281"
},
{
"category": "external",
"summary": "SUSE Bug 1260464 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260464"
},
{
"category": "external",
"summary": "SUSE Bug 1260466 for CVE-2026-23281",
"url": "https://bugzilla.suse.com/1260466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23281"
},
{
"cve": "CVE-2026-23292",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23292"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store(). This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n down_read\n __configfs_open_file\n do_dentry_open\n vfs_open\n do_open\n path_openat\n do_filp_open\n file_open_name\n filp_open\n target_core_item_dbroot_store\n flush_write_buffer\n configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23292",
"url": "https://www.suse.com/security/cve/CVE-2026-23292"
},
{
"category": "external",
"summary": "SUSE Bug 1260500 for CVE-2026-23292",
"url": "https://bugzilla.suse.com/1260500"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23292"
},
{
"cve": "CVE-2026-23293",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23293"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n \u003cTASK\u003e\n vxlan_xmit+0x638/0x1ef0 [vxlan]\n dev_hard_start_xmit+0x9e/0x2e0\n __dev_queue_xmit+0xbee/0x14e0\n packet_sendmsg+0x116f/0x1930\n __sys_sendto+0x1f5/0x200\n __x64_sys_sendto+0x24/0x30\n do_syscall_64+0x12f/0x1590\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23293",
"url": "https://www.suse.com/security/cve/CVE-2026-23293"
},
{
"category": "external",
"summary": "SUSE Bug 1260486 for CVE-2026-23293",
"url": "https://bugzilla.suse.com/1260486"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23293"
},
{
"cve": "CVE-2026-23297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23297"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: Fix cred ref leak in nfsd_nl_threads_set_doit().\n\nsyzbot reported memory leak of struct cred. [0]\n\nnfsd_nl_threads_set_doit() passes get_current_cred() to\nnfsd_svc(), but put_cred() is not called after that.\n\nThe cred is finally passed down to _svc_xprt_create(),\nwhich calls get_cred() with the cred for struct svc_xprt.\n\nThe ownership of the refcount by get_current_cred() is not\ntransferred to anywhere and is just leaked.\n\nnfsd_svc() is also called from write_threads(), but it does\nnot bump file-\u003ef_cred there.\n\nnfsd_nl_threads_set_doit() is called from sendmsg() and\ncurrent-\u003ecred does not go away.\n\nLet\u0027s use current_cred() in nfsd_nl_threads_set_doit().\n\n[0]:\nBUG: memory leak\nunreferenced object 0xffff888108b89480 (size 184):\n comm \"syz-executor\", pid 5994, jiffies 4294943386\n hex dump (first 32 bytes):\n 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................\n backtrace (crc 369454a7):\n kmemleak_alloc_recursive include/linux/kmemleak.h:44 [inline]\n slab_post_alloc_hook mm/slub.c:4958 [inline]\n slab_alloc_node mm/slub.c:5263 [inline]\n kmem_cache_alloc_noprof+0x412/0x580 mm/slub.c:5270\n prepare_creds+0x22/0x600 kernel/cred.c:185\n copy_creds+0x44/0x290 kernel/cred.c:286\n copy_process+0x7a7/0x2870 kernel/fork.c:2086\n kernel_clone+0xac/0x6e0 kernel/fork.c:2651\n __do_sys_clone+0x7f/0xb0 kernel/fork.c:2792\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xa4/0xf80 arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x77/0x7f",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23297",
"url": "https://www.suse.com/security/cve/CVE-2026-23297"
},
{
"category": "external",
"summary": "SUSE Bug 1260490 for CVE-2026-23297",
"url": "https://bugzilla.suse.com/1260490"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23297"
},
{
"cve": "CVE-2026-23304",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23304"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()\n\nl3mdev_master_dev_rcu() can return NULL when the slave device is being\nun-slaved from a VRF. All other callers deal with this, but we lost\nthe fallback to loopback in ip6_rt_pcpu_alloc() -\u003e ip6_rt_get_dev_rcu()\nwith commit 4832c30d5458 (\"net: ipv6: put host and anycast routes on\ndevice with address\").\n\n KASAN: null-ptr-deref in range [0x0000000000000108-0x000000000000010f]\n RIP: 0010:ip6_rt_pcpu_alloc (net/ipv6/route.c:1418)\n Call Trace:\n ip6_pol_route (net/ipv6/route.c:2318)\n fib6_rule_lookup (net/ipv6/fib6_rules.c:115)\n ip6_route_output_flags (net/ipv6/route.c:2607)\n vrf_process_v6_outbound (drivers/net/vrf.c:437)\n\nI was tempted to rework the un-slaving code to clear the flag first\nand insert synchronize_rcu() before we remove the upper. But looks like\nthe explicit fallback to loopback_dev is an established pattern.\nAnd I guess avoiding the synchronize_rcu() is nice, too.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23304",
"url": "https://www.suse.com/security/cve/CVE-2026-23304"
},
{
"category": "external",
"summary": "SUSE Bug 1260544 for CVE-2026-23304",
"url": "https://bugzilla.suse.com/1260544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23304"
},
{
"cve": "CVE-2026-23319",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23319"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim\n\nThe root cause of this bug is that when \u0027bpf_link_put\u0027 reduces the\nrefcount of \u0027shim_link-\u003elink.link\u0027 to zero, the resource is considered\nreleased but may still be referenced via \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027cgroup_shim_find\u0027. The actual cleanup of \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027bpf_shim_tramp_link_release\u0027 is deferred. During this window, another\nprocess can cause a use-after-free via \u0027bpf_trampoline_link_cgroup_shim\u0027.\n\nBased on Martin KaFai Lau\u0027s suggestions, I have created a simple patch.\n\nTo fix this:\n Add an atomic non-zero check in \u0027bpf_trampoline_link_cgroup_shim\u0027.\n Only increment the refcount if it is not already zero.\n\nTesting:\n I verified the fix by adding a delay in\n \u0027bpf_shim_tramp_link_release\u0027 to make the bug easier to trigger:\n\nstatic void bpf_shim_tramp_link_release(struct bpf_link *link)\n{\n\t/* ... */\n\tif (!shim_link-\u003etrampoline)\n\t\treturn;\n\n+\tmsleep(100);\n\tWARN_ON_ONCE(bpf_trampoline_unlink_prog(\u0026shim_link-\u003elink,\n\t\tshim_link-\u003etrampoline, NULL));\n\tbpf_trampoline_put(shim_link-\u003etrampoline);\n}\n\nBefore the patch, running a PoC easily reproduced the crash(almost 100%)\nwith a call trace similar to KaiyanM\u0027s report.\nAfter the patch, the bug no longer occurs even after millions of\niterations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23319",
"url": "https://www.suse.com/security/cve/CVE-2026-23319"
},
{
"category": "external",
"summary": "SUSE Bug 1260735 for CVE-2026-23319",
"url": "https://bugzilla.suse.com/1260735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23319"
},
{
"cve": "CVE-2026-23326",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23326"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxsk: Fix fragment node deletion to prevent buffer leak\n\nAfter commit b692bf9a7543 (\"xsk: Get rid of xdp_buff_xsk::xskb_list_node\"),\nthe list_node field is reused for both the xskb pool list and the buffer\nfree list, this causes a buffer leak as described below.\n\nxp_free() checks if a buffer is already on the free list using\nlist_empty(\u0026xskb-\u003elist_node). When list_del() is used to remove a node\nfrom the xskb pool list, it doesn\u0027t reinitialize the node pointers.\nThis means list_empty() will return false even after the node has been\nremoved, causing xp_free() to incorrectly skip adding the buffer to the\nfree list.\n\nFix this by using list_del_init() instead of list_del() in all fragment\nhandling paths, this ensures the list node is reinitialized after removal,\nallowing the list_empty() to work correctly.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23326",
"url": "https://www.suse.com/security/cve/CVE-2026-23326"
},
{
"category": "external",
"summary": "SUSE Bug 1260606 for CVE-2026-23326",
"url": "https://bugzilla.suse.com/1260606"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23326"
},
{
"cve": "CVE-2026-23335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23335",
"url": "https://www.suse.com/security/cve/CVE-2026-23335"
},
{
"category": "external",
"summary": "SUSE Bug 1260550 for CVE-2026-23335",
"url": "https://bugzilla.suse.com/1260550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "low"
}
],
"title": "CVE-2026-23335"
},
{
"cve": "CVE-2026-23343",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23343"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxdp: produce a warning when calculated tailroom is negative\n\nMany ethernet drivers report xdp Rx queue frag size as being the same as\nDMA write size. However, the only user of this field, namely\nbpf_xdp_frags_increase_tail(), clearly expects a truesize.\n\nSuch difference leads to unspecific memory corruption issues under certain\ncircumstances, e.g. in ixgbevf maximum DMA write size is 3 KB, so when\nrunning xskxceiver\u0027s XDP_ADJUST_TAIL_GROW_MULTI_BUFF, 6K packet fully uses\nall DMA-writable space in 2 buffers. This would be fine, if only\nrxq-\u003efrag_size was properly set to 4K, but value of 3K results in a\nnegative tailroom, because there is a non-zero page offset.\n\nWe are supposed to return -EINVAL and be done with it in such case, but due\nto tailroom being stored as an unsigned int, it is reported to be somewhere\nnear UINT_MAX, resulting in a tail being grown, even if the requested\noffset is too much (it is around 2K in the abovementioned test). This later\nleads to all kinds of unspecific calltraces.\n\n[ 7340.337579] xskxceiver[1440]: segfault at 1da718 ip 00007f4161aeac9d sp 00007f41615a6a00 error 6\n[ 7340.338040] xskxceiver[1441]: segfault at 7f410000000b ip 00000000004042b5 sp 00007f415bffecf0 error 4\n[ 7340.338179] in libc.so.6[61c9d,7f4161aaf000+160000]\n[ 7340.339230] in xskxceiver[42b5,400000+69000]\n[ 7340.340300] likely on CPU 6 (core 0, socket 6)\n[ 7340.340302] Code: ff ff 01 e9 f4 fe ff ff 0f 1f 44 00 00 4c 39 f0 74 73 31 c0 ba 01 00 00 00 f0 0f b1 17 0f 85 ba 00 00 00 49 8b 87 88 00 00 00 \u003c4c\u003e 89 70 08 eb cc 0f 1f 44 00 00 48 8d bd f0 fe ff ff 89 85 ec fe\n[ 7340.340888] likely on CPU 3 (core 0, socket 3)\n[ 7340.345088] Code: 00 00 00 ba 00 00 00 00 be 00 00 00 00 89 c7 e8 31 ca ff ff 89 45 ec 8b 45 ec 85 c0 78 07 b8 00 00 00 00 eb 46 e8 0b c8 ff ff \u003c8b\u003e 00 83 f8 69 74 24 e8 ff c7 ff ff 8b 00 83 f8 0b 74 18 e8 f3 c7\n[ 7340.404334] Oops: general protection fault, probably for non-canonical address 0x6d255010bdffc: 0000 [#1] SMP NOPTI\n[ 7340.405972] CPU: 7 UID: 0 PID: 1439 Comm: xskxceiver Not tainted 6.19.0-rc1+ #21 PREEMPT(lazy)\n[ 7340.408006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.17.0-5.fc42 04/01/2014\n[ 7340.409716] RIP: 0010:lookup_swap_cgroup_id+0x44/0x80\n[ 7340.410455] Code: 83 f8 1c 73 39 48 ba ff ff ff ff ff ff ff 03 48 8b 04 c5 20 55 fa bd 48 21 d1 48 89 ca 83 e1 01 48 d1 ea c1 e1 04 48 8d 04 90 \u003c8b\u003e 00 48 83 c4 10 d3 e8 c3 cc cc cc cc 31 c0 e9 98 b7 dd 00 48 89\n[ 7340.412787] RSP: 0018:ffffcc5c04f7f6d0 EFLAGS: 00010202\n[ 7340.413494] RAX: 0006d255010bdffc RBX: ffff891f477895a8 RCX: 0000000000000010\n[ 7340.414431] RDX: 0001c17e3fffffff RSI: 00fa070000000000 RDI: 000382fc7fffffff\n[ 7340.415354] RBP: 00fa070000000000 R08: ffffcc5c04f7f8f8 R09: ffffcc5c04f7f7d0\n[ 7340.416283] R10: ffff891f4c1a7000 R11: ffffcc5c04f7f9c8 R12: ffffcc5c04f7f7d0\n[ 7340.417218] R13: 03ffffffffffffff R14: 00fa06fffffffe00 R15: ffff891f47789500\n[ 7340.418229] FS: 0000000000000000(0000) GS:ffff891ffdfaa000(0000) knlGS:0000000000000000\n[ 7340.419489] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 7340.420286] CR2: 00007f415bfffd58 CR3: 0000000103f03002 CR4: 0000000000772ef0\n[ 7340.421237] PKRU: 55555554\n[ 7340.421623] Call Trace:\n[ 7340.421987] \u003cTASK\u003e\n[ 7340.422309] ? softleaf_from_pte+0x77/0xa0\n[ 7340.422855] swap_pte_batch+0xa7/0x290\n[ 7340.423363] zap_nonpresent_ptes.constprop.0.isra.0+0xd1/0x270\n[ 7340.424102] zap_pte_range+0x281/0x580\n[ 7340.424607] zap_pmd_range.isra.0+0xc9/0x240\n[ 7340.425177] unmap_page_range+0x24d/0x420\n[ 7340.425714] unmap_vmas+0xa1/0x180\n[ 7340.426185] exit_mmap+0xe1/0x3b0\n[ 7340.426644] __mmput+0x41/0x150\n[ 7340.427098] exit_mm+0xb1/0x110\n[ 7340.427539] do_exit+0x1b2/0x460\n[ 7340.427992] do_group_exit+0x2d/0xc0\n[ 7340.428477] get_signal+0x79d/0x7e0\n[ 7340.428957] arch_do_signal_or_restart+0x34/0x100\n[ 7340.429571] exit_to_user_mode_loop+0x8e/0x4c0\n[ 7340.430159] do_syscall_64+0x188/\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23343",
"url": "https://www.suse.com/security/cve/CVE-2026-23343"
},
{
"category": "external",
"summary": "SUSE Bug 1260527 for CVE-2026-23343",
"url": "https://bugzilla.suse.com/1260527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23343"
},
{
"cve": "CVE-2026-23361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction. There\u0027s no completion for posted writes, so the writel() may\nreturn before the PCI write completes. dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n arm-smmu-v3 fc900000.iommu: 0x0000010000000010\n arm-smmu-v3 fc900000.iommu: 0x0000020000000000\n arm-smmu-v3 fc900000.iommu: 0x000000090000f040\n arm-smmu-v3 fc900000.iommu: 0x0000000000000000\n arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can\u0027t do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23361",
"url": "https://www.suse.com/security/cve/CVE-2026-23361"
},
{
"category": "external",
"summary": "SUSE Bug 1260732 for CVE-2026-23361",
"url": "https://bugzilla.suse.com/1260732"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23361"
},
{
"cve": "CVE-2026-23379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class\u0027 WRR weight: this is done by\naveraging over the sums of quanta as \u0027q_sum\u0027 and \u0027q_psum\u0027. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G E 6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n \u003cTASK\u003e\n ets_qdisc_change+0x870/0xf40 [sch_ets]\n qdisc_create+0x12b/0x540\n tc_modify_qdisc+0x6d7/0xbd0\n rtnetlink_rcv_msg+0x168/0x6b0\n netlink_rcv_skb+0x5c/0x110\n netlink_unicast+0x1d6/0x2b0\n netlink_sendmsg+0x22e/0x470\n ____sys_sendmsg+0x38a/0x3c0\n ___sys_sendmsg+0x99/0xe0\n __sys_sendmsg+0x8a/0xf0\n do_syscall_64+0x111/0xf80\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS: 00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for \u0027q_sum\u0027 and \u0027q_psum\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23379",
"url": "https://www.suse.com/security/cve/CVE-2026-23379"
},
{
"category": "external",
"summary": "SUSE Bug 1260481 for CVE-2026-23379",
"url": "https://bugzilla.suse.com/1260481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23379"
},
{
"cve": "CVE-2026-23381",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23381"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n \u003cIRQ\u003e\n ? neigh_lookup+0x16/0xe0\n br_do_suppress_nd+0x160/0x290 [bridge]\n br_handle_frame_finish+0x500/0x620 [bridge]\n br_handle_frame+0x353/0x440 [bridge]\n __netif_receive_skb_core.constprop.0+0x298/0x1110\n __netif_receive_skb_one_core+0x3d/0xa0\n process_backlog+0xa0/0x140\n __napi_poll+0x2c/0x170\n net_rx_action+0x2c4/0x3a0\n handle_softirqs+0xd0/0x270\n do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23381",
"url": "https://www.suse.com/security/cve/CVE-2026-23381"
},
{
"category": "external",
"summary": "SUSE Bug 1260471 for CVE-2026-23381",
"url": "https://bugzilla.suse.com/1260471"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23381"
},
{
"cve": "CVE-2026-23383",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23383"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing\n\nstruct bpf_plt contains a u64 target field. Currently, the BPF JIT\nallocator requests an alignment of 4 bytes (sizeof(u32)) for the JIT\nbuffer.\n\nBecause the base address of the JIT buffer can be 4-byte aligned (e.g.,\nending in 0x4 or 0xc), the relative padding logic in build_plt() fails\nto ensure that target lands on an 8-byte boundary.\n\nThis leads to two issues:\n1. UBSAN reports misaligned-access warnings when dereferencing the\n structure.\n2. More critically, target is updated concurrently via WRITE_ONCE() in\n bpf_arch_text_poke() while the JIT\u0027d code executes ldr. On arm64,\n 64-bit loads/stores are only guaranteed to be single-copy atomic if\n they are 64-bit aligned. A misaligned target risks a torn read,\n causing the JIT to jump to a corrupted address.\n\nFix this by increasing the allocation alignment requirement to 8 bytes\n(sizeof(u64)) in bpf_jit_binary_pack_alloc(). This anchors the base of\nthe JIT buffer to an 8-byte boundary, allowing the relative padding math\nin build_plt() to correctly align the target field.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23383",
"url": "https://www.suse.com/security/cve/CVE-2026-23383"
},
{
"category": "external",
"summary": "SUSE Bug 1260497 for CVE-2026-23383",
"url": "https://bugzilla.suse.com/1260497"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23383"
},
{
"cve": "CVE-2026-23386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23386"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL\n\nIn DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA\nbuffer cleanup path. It iterates num_bufs times and attempts to unmap\nentries in the dma array.\n\nThis leads to two issues:\n1. The dma array shares storage with tx_qpl_buf_ids (union).\n Interpreting buffer IDs as DMA addresses results in attempting to\n unmap incorrect memory locations.\n2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed\n the size of the dma array, causing out-of-bounds access warnings\n(trace below is how we noticed this issue).\n\nUBSAN: array-index-out-of-bounds in\ndrivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of\nrange for type \u0027dma_addr_t[18]\u0027 (aka \u0027unsigned long long[18]\u0027)\nWorkqueue: gve gve_service_task [gve]\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x33/0xa0\n__ubsan_handle_out_of_bounds+0xdc/0x110\ngve_tx_stop_ring_dqo+0x182/0x200 [gve]\ngve_close+0x1be/0x450 [gve]\ngve_reset+0x99/0x120 [gve]\ngve_service_task+0x61/0x100 [gve]\nprocess_scheduled_works+0x1e9/0x380\n\nFix this by properly checking for QPL mode and delegating to\ngve_free_tx_qpl_bufs() to reclaim the buffers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23386",
"url": "https://www.suse.com/security/cve/CVE-2026-23386"
},
{
"category": "external",
"summary": "SUSE Bug 1260799 for CVE-2026-23386",
"url": "https://bugzilla.suse.com/1260799"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23386"
},
{
"cve": "CVE-2026-23393",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23393"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbridge: cfm: Fix race condition in peer_mep deletion\n\nWhen a peer MEP is being deleted, cancel_delayed_work_sync() is called\non ccm_rx_dwork before freeing. However, br_cfm_frame_rx() runs in\nsoftirq context under rcu_read_lock (without RTNL) and can re-schedule\nccm_rx_dwork via ccm_rx_timer_start() between cancel_delayed_work_sync()\nreturning and kfree_rcu() being called.\n\nThe following is a simple race scenario:\n\n cpu0 cpu1\n\nmep_delete_implementation()\n cancel_delayed_work_sync(ccm_rx_dwork);\n br_cfm_frame_rx()\n // peer_mep still in hlist\n if (peer_mep-\u003eccm_defect)\n ccm_rx_timer_start()\n queue_delayed_work(ccm_rx_dwork)\n hlist_del_rcu(\u0026peer_mep-\u003ehead);\n kfree_rcu(peer_mep, rcu);\n ccm_rx_work_expired()\n // on freed peer_mep\n\nTo prevent this, cancel_delayed_work_sync() is replaced with\ndisable_delayed_work_sync() in both peer MEP deletion paths, so\nthat subsequent queue_delayed_work() calls from br_cfm_frame_rx()\nare silently rejected.\n\nThe cc_peer_disable() helper retains cancel_delayed_work_sync()\nbecause it is also used for the CC enable/disable toggle path where\nthe work must remain re-schedulable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23393",
"url": "https://www.suse.com/security/cve/CVE-2026-23393"
},
{
"category": "external",
"summary": "SUSE Bug 1260522 for CVE-2026-23393",
"url": "https://bugzilla.suse.com/1260522"
},
{
"category": "external",
"summary": "SUSE Bug 1260524 for CVE-2026-23393",
"url": "https://bugzilla.suse.com/1260524"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-23393"
},
{
"cve": "CVE-2026-23398",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23398"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n \u003cIRQ\u003e\n icmp_rcv (net/ipv4/icmp.c:1527)\n ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n ip_local_deliver (net/ipv4/ip_input.c:262)\n ip_rcv (net/ipv4/ip_input.c:573)\n __netif_receive_skb_one_core (net/core/dev.c:6164)\n process_backlog (net/core/dev.c:6628)\n handle_softirqs (kernel/softirq.c:561)\n \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23398",
"url": "https://www.suse.com/security/cve/CVE-2026-23398"
},
{
"category": "external",
"summary": "SUSE Bug 1260730 for CVE-2026-23398",
"url": "https://bugzilla.suse.com/1260730"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23398"
},
{
"cve": "CVE-2026-23413",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23413"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclsact: Fix use-after-free in init/destroy rollback asymmetry\n\nFix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry.\nThe latter is achieved by first fully initializing a clsact instance, and\nthen in a second step having a replacement failure for the new clsact qdisc\ninstance. clsact_init() initializes ingress first and then takes care of the\negress part. This can fail midway, for example, via tcf_block_get_ext(). Upon\nfailure, the kernel will trigger the clsact_destroy() callback.\n\nCommit 1cb6f0bae504 (\"bpf: Fix too early release of tcx_entry\") details the\nway how the transition is happening. If tcf_block_get_ext on the q-\u003eingress_block\nends up failing, we took the tcx_miniq_inc reference count on the ingress\nside, but not yet on the egress side. clsact_destroy() tests whether the\n{ingress,egress}_entry was non-NULL. However, even in midway failure on the\nreplacement, both are in fact non-NULL with a valid egress_entry from the\nprevious clsact instance.\n\nWhat we really need to test for is whether the qdisc instance-specific ingress\nor egress side previously got initialized. This adds a small helper for checking\nthe miniq initialization called mini_qdisc_pair_inited, and utilizes that upon\nclsact_destroy() in order to fix the use-after-free scenario. Convert the\ningress_destroy() side as well so both are consistent to each other.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23413",
"url": "https://www.suse.com/security/cve/CVE-2026-23413"
},
{
"category": "external",
"summary": "SUSE Bug 1261498 for CVE-2026-23413",
"url": "https://bugzilla.suse.com/1261498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23413"
},
{
"cve": "CVE-2026-23414",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23414"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(\u0026ctx-\u003easync_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg\u0027s drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23414",
"url": "https://www.suse.com/security/cve/CVE-2026-23414"
},
{
"category": "external",
"summary": "SUSE Bug 1261496 for CVE-2026-23414",
"url": "https://bugzilla.suse.com/1261496"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23414"
},
{
"cve": "CVE-2026-23419",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23419"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/rds: Fix circular locking dependency in rds_tcp_tune\n\nsyzbot reported a circular locking dependency in rds_tcp_tune() where\nsk_net_refcnt_upgrade() is called while holding the socket lock:\n\n======================================================\nWARNING: possible circular locking dependency detected\n======================================================\nkworker/u10:8/15040 is trying to acquire lock:\nffffffff8e9aaf80 (fs_reclaim){+.+.}-{0:0},\nat: __kmalloc_cache_noprof+0x4b/0x6f0\n\nbut task is already holding lock:\nffff88805a3c1ce0 (k-sk_lock-AF_INET6){+.+.}-{0:0},\nat: rds_tcp_tune+0xd7/0x930\n\nThe issue occurs because sk_net_refcnt_upgrade() performs memory\nallocation (via get_net_track() -\u003e ref_tracker_alloc()) while the\nsocket lock is held, creating a circular dependency with fs_reclaim.\n\nFix this by moving sk_net_refcnt_upgrade() outside the socket lock\ncritical section. This is safe because the fields modified by the\nsk_net_refcnt_upgrade() call (sk_net_refcnt, ns_tracker) are not\naccessed by any concurrent code path at this point.\n\nv2:\n - Corrected fixes tag\n - check patch line wrap nits\n - ai commentary nits",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23419",
"url": "https://www.suse.com/security/cve/CVE-2026-23419"
},
{
"category": "external",
"summary": "SUSE Bug 1261507 for CVE-2026-23419",
"url": "https://bugzilla.suse.com/1261507"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23419"
},
{
"cve": "CVE-2026-23425",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23425"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Fix ID register initialization for non-protected pKVM guests\n\nIn protected mode, the hypervisor maintains a separate instance of\nthe `kvm` structure for each VM. For non-protected VMs, this structure is\ninitialized from the host\u0027s `kvm` state.\n\nCurrently, `pkvm_init_features_from_host()` copies the\n`KVM_ARCH_FLAG_ID_REGS_INITIALIZED` flag from the host without the\nunderlying `id_regs` data being initialized. This results in the\nhypervisor seeing the flag as set while the ID registers remain zeroed.\n\nConsequently, `kvm_has_feat()` checks at EL2 fail (return 0) for\nnon-protected VMs. This breaks logic that relies on feature detection,\nsuch as `ctxt_has_tcrx()` for TCR2_EL1 support. As a result, certain\nsystem registers (e.g., TCR2_EL1, PIR_EL1, POR_EL1) are not\nsaved/restored during the world switch, which could lead to state\ncorruption.\n\nFix this by explicitly copying the ID registers from the host `kvm` to\nthe hypervisor `kvm` for non-protected VMs during initialization, since\nwe trust the host with its non-protected guests\u0027 features. Also ensure\n`KVM_ARCH_FLAG_ID_REGS_INITIALIZED` is cleared initially in\n`pkvm_init_features_from_host` so that `vm_copy_id_regs` can properly\ninitialize them and set the flag once done.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23425",
"url": "https://www.suse.com/security/cve/CVE-2026-23425"
},
{
"category": "external",
"summary": "SUSE Bug 1261506 for CVE-2026-23425",
"url": "https://bugzilla.suse.com/1261506"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "moderate"
}
],
"title": "CVE-2026-23425"
},
{
"cve": "CVE-2026-31788",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31788"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn\u0027t ready yet (Jan Beulich)\n- wait in open() if target domain isn\u0027t known yet\n- issue message in case no target domain found (Jan Beulich)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31788",
"url": "https://www.suse.com/security/cve/CVE-2026-31788"
},
{
"category": "external",
"summary": "SUSE Bug 1259707 for CVE-2026-31788",
"url": "https://bugzilla.suse.com/1259707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.2:kernel-64kb-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-64kb-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.aarch64",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-base-6.12.0-160000.27.1.160000.2.8.x86_64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-extra-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.ppc64le",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.s390x",
"SUSE Linux Micro 6.2:kernel-default-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-devel-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-macros-6.12.0-160000.28.1.noarch",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.aarch64",
"SUSE Linux Micro 6.2:kernel-rt-devel-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-rt-livepatch-6.12.0-160000.28.1.x86_64",
"SUSE Linux Micro 6.2:kernel-source-6.12.0-160000.28.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-04-20T15:44:52Z",
"details": "important"
}
],
"title": "CVE-2026-31788"
}
]
}
GHSA-J6Q7-JCX4-9HR4
Vulnerability from github – Published: 2026-03-25 12:30 – Updated: 2026-04-23 21:31
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx) __u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK };
rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().
The reserved members of the structure were not zeroed.
Severity ?
5.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2026-23335"
],
"database_specific": {
"cwe_ids": [
"CWE-401"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T11:16:31Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed.",
"id": "GHSA-j6q7-jcx4-9hr4",
"modified": "2026-04-23T21:31:17Z",
"published": "2026-03-25T12:30:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23335"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2026-0861
Vulnerability from csaf_certbund - Published: 2026-03-24 23:00 - Updated: 2026-03-25 23:00Summary
Linux Kernel: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff: Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsmaßnahmen zu umgehen, Informationen offenzulegen, weitere nicht spezifizierte Auswirkungen zu verursachen und potentiell Code auszuführen.
Betroffene Betriebssysteme: - Linux
References
| URL | Category | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um einen Denial of Service zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen, Informationen offenzulegen, weitere nicht spezifizierte Auswirkungen zu verursachen und potentiell Code auszuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0861 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0861.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0861 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0861"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23279",
"url": "https://lore.kernel.org/linux-cve-announce/2026032522-CVE-2026-23279-cf34@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23280",
"url": "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23280-cd9e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23281",
"url": "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23281-2e62@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23282",
"url": "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23282-bad0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23283",
"url": "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23283-3d92@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23284",
"url": "https://lore.kernel.org/linux-cve-announce/2026032523-CVE-2026-23284-ca53@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23285",
"url": "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23285-ad41@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23286",
"url": "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23286-8a7e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23287",
"url": "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23287-93b2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23288",
"url": "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23288-1d11@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23289",
"url": "https://lore.kernel.org/linux-cve-announce/2026032524-CVE-2026-23289-aa54@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23290",
"url": "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23290-af97@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23291",
"url": "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23291-eae3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23292",
"url": "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23292-67e8@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23293",
"url": "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23293-b422@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23294",
"url": "https://lore.kernel.org/linux-cve-announce/2026032525-CVE-2026-23294-1682@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23295",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23295-59d2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23296",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23296-eb4a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23297",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23297-bcad@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23298",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23298-fad9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23299",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23299-6471@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23300",
"url": "https://lore.kernel.org/linux-cve-announce/2026032526-CVE-2026-23300-9bc4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23301",
"url": "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23301-09e7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23302",
"url": "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23302-e03d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23303",
"url": "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23303-8e38@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23304",
"url": "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23304-485b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23305",
"url": "https://lore.kernel.org/linux-cve-announce/2026032527-CVE-2026-23305-5fa4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23306",
"url": "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23306-8854@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23307",
"url": "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23307-60f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23308",
"url": "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23308-1e72@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23309",
"url": "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23309-4243@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23310",
"url": "https://lore.kernel.org/linux-cve-announce/2026032528-CVE-2026-23310-9b67@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23311",
"url": "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23311-8c0b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23312",
"url": "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23312-2b11@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23313",
"url": "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23313-925e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23314",
"url": "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23314-166c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23315",
"url": "https://lore.kernel.org/linux-cve-announce/2026032529-CVE-2026-23315-9ac1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23316",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23316-2ce3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23317",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23317-0e9e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23318",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23318-bef0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23319",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23319-1e3d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23320",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23320-0ae7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23321",
"url": "https://lore.kernel.org/linux-cve-announce/2026032530-CVE-2026-23321-6059@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23322",
"url": "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23322-9fd3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23323",
"url": "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23323-53db@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23324",
"url": "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23324-bc9e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23325",
"url": "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23325-4e3b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23326",
"url": "https://lore.kernel.org/linux-cve-announce/2026032531-CVE-2026-23326-ffc6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23327",
"url": "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23327-c497@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23328",
"url": "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23328-9600@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23329",
"url": "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23329-c743@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23330",
"url": "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23330-00fd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23331",
"url": "https://lore.kernel.org/linux-cve-announce/2026032532-CVE-2026-23331-735b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23332",
"url": "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23332-50e0@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23333",
"url": "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23333-417f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23334",
"url": "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23334-1b12@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23335",
"url": "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23335-602d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23336",
"url": "https://lore.kernel.org/linux-cve-announce/2026032533-CVE-2026-23336-d365@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23337",
"url": "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23337-5018@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23338",
"url": "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23338-67c7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23339",
"url": "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23339-263f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23340",
"url": "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23340-1aa9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23341",
"url": "https://lore.kernel.org/linux-cve-announce/2026032534-CVE-2026-23341-3f7b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23342",
"url": "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23342-8456@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23343",
"url": "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23343-dc2b@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23344",
"url": "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23344-0279@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23345",
"url": "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23345-c154@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23346",
"url": "https://lore.kernel.org/linux-cve-announce/2026032535-CVE-2026-23346-faed@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23347",
"url": "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23347-fa08@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23348",
"url": "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23348-e792@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23349",
"url": "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23349-aa6a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23350",
"url": "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23350-f4be@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23351",
"url": "https://lore.kernel.org/linux-cve-announce/2026032536-CVE-2026-23351-637f@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23352",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23352-18f2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23353",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23353-d0c3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23354",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23354-d9b2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23355",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23355-86df@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23356",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23356-0014@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23357",
"url": "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23357-605e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23358",
"url": "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23358-1042@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23359",
"url": "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23359-35fd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23360",
"url": "https://lore.kernel.org/linux-cve-announce/2026032538-CVE-2026-23360-c464@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23361",
"url": "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23361-bd5c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23362",
"url": "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23362-40bd@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23363",
"url": "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23363-3e24@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23364",
"url": "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23364-4267@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23365",
"url": "https://lore.kernel.org/linux-cve-announce/2026032539-CVE-2026-23365-76d3@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23366",
"url": "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23366-a7c4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23367",
"url": "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23367-6e44@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23368",
"url": "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23368-c240@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23369",
"url": "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23369-b6c6@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23370",
"url": "https://lore.kernel.org/linux-cve-announce/2026032540-CVE-2026-23370-02d2@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23371",
"url": "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23371-1b32@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23372",
"url": "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23372-7bc9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23373",
"url": "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23373-0203@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23374",
"url": "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23374-9345@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23375",
"url": "https://lore.kernel.org/linux-cve-announce/2026032541-CVE-2026-23375-91b1@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23376",
"url": "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23376-114a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23377",
"url": "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23377-cb04@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23378",
"url": "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23378-f329@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23379",
"url": "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23379-3b2d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23380",
"url": "https://lore.kernel.org/linux-cve-announce/2026032542-CVE-2026-23380-9e3c@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23381",
"url": "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23381-378d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23382",
"url": "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23382-26fe@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23383",
"url": "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23383-f205@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23384",
"url": "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23384-489a@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23385",
"url": "https://lore.kernel.org/linux-cve-announce/2026032543-CVE-2026-23385-3414@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23386",
"url": "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23386-acc4@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23387",
"url": "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23387-4399@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23388",
"url": "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23388-9e71@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23389",
"url": "https://lore.kernel.org/linux-cve-announce/2026032544-CVE-2026-23389-2056@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23390",
"url": "https://lore.kernel.org/linux-cve-announce/2026032537-CVE-2026-23390-7146@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23391",
"url": "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23391-bb43@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23392",
"url": "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23392-fd9d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23393",
"url": "https://lore.kernel.org/linux-cve-announce/2026032548-CVE-2026-23393-c395@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23394",
"url": "https://lore.kernel.org/linux-cve-announce/2026032549-CVE-2026-23394-9205@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2026-23395",
"url": "https://lore.kernel.org/linux-cve-announce/2026032549-CVE-2026-23395-5e50@gregkh/"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-25T23:00:00.000+00:00",
"generator": {
"date": "2026-03-26T07:56:13.854+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0861",
"initial_release_date": "2026-03-24T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-24T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-25T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-15382, EUVD-2026-15378, EUVD-2026-15381, EUVD-2026-15376, EUVD-2026-15374, EUVD-2026-15372, EUVD-2026-15371, EUVD-2026-15367, EUVD-2026-15368, EUVD-2026-15363, EUVD-2026-15365, EUVD-2026-15362, EUVD-2026-15359, EUVD-2026-15357, EUVD-2026-15355, EUVD-2026-15353, EUVD-2026-15351, EUVD-2026-15350, EUVD-2026-15345, EUVD-2026-15343, EUVD-2026-15344, EUVD-2026-15342, EUVD-2026-15336, EUVD-2026-15340, EUVD-2026-15339, EUVD-2026-15334, EUVD-2026-15332, EUVD-2026-15330, EUVD-2026-15328, EUVD-2026-15325, EUVD-2026-15329, EUVD-2026-15321, EUVD-2026-15323, EUVD-2026-15319, EUVD-2026-15317, EUVD-2026-15313, EUVD-2026-15312, EUVD-2026-15311, EUVD-2026-15310, EUVD-2026-15309, EUVD-2026-15308, EUVD-2026-15305, EUVD-2026-15307, EUVD-2026-15304, EUVD-2026-15299, EUVD-2026-15298, EUVD-2026-15295, EUVD-2026-15293, EUVD-2026-15292, EUVD-2026-15289, EUVD-2026-15287, EUVD-2026-15285, EUVD-2026-15284, EUVD-2026-15279, EUVD-2026-15278, EUVD-2026-15277, EUVD-2026-15276, EUVD-2026-15272, EUVD-2026-15274, EUVD-2026-15271, EUVD-2026-15269, EUVD-2026-15267, EUVD-2026-15263, EUVD-2026-15261, EUVD-2026-15258, EUVD-2026-15256, EUVD-2026-15254, EUVD-2026-15253, EUVD-2026-15252, EUVD-2026-15251, EUVD-2026-15250, EUVD-2026-15245, EUVD-2026-15248, EUVD-2026-15242, EUVD-2026-15238, EUVD-2026-15240, EUVD-2026-15235, EUVD-2026-15236, EUVD-2026-15234, EUVD-2026-15231, EUVD-2026-15233, EUVD-2026-15227, EUVD-2026-15224, EUVD-2026-15225, EUVD-2026-15221, EUVD-2026-15220, EUVD-2026-15218, EUVD-2026-15219, EUVD-2026-15216, EUVD-2026-15215, EUVD-2026-15211, EUVD-2026-15206, EUVD-2026-15208, EUVD-2026-15204, EUVD-2026-15200, EUVD-2026-15203, EUVD-2026-15198, EUVD-2026-15366, EUVD-2026-15384, EUVD-2026-15387, EUVD-2026-15388, EUVD-2026-15390, EUVD-2026-15392, EUVD-2026-15393, EUVD-2026-15394, EUVD-2026-15396, EUVD-2026-15398, EUVD-2026-15281, EUVD-2026-15348, EUVD-2026-15391, EUVD-2026-15331, EUVD-2026-15315, EUVD-2026-15301, EUVD-2026-15264, EUVD-2026-15246, EUVD-2026-15230, EUVD-2026-15212"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T028462",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:unspecified"
}
}
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23279",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23279"
},
{
"cve": "CVE-2026-23280",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23280"
},
{
"cve": "CVE-2026-23281",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23281"
},
{
"cve": "CVE-2026-23282",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23282"
},
{
"cve": "CVE-2026-23283",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23283"
},
{
"cve": "CVE-2026-23284",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23284"
},
{
"cve": "CVE-2026-23285",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23285"
},
{
"cve": "CVE-2026-23286",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23286"
},
{
"cve": "CVE-2026-23287",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23287"
},
{
"cve": "CVE-2026-23288",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23288"
},
{
"cve": "CVE-2026-23289",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23289"
},
{
"cve": "CVE-2026-23290",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23290"
},
{
"cve": "CVE-2026-23291",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23291"
},
{
"cve": "CVE-2026-23292",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23292"
},
{
"cve": "CVE-2026-23293",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23293"
},
{
"cve": "CVE-2026-23294",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23294"
},
{
"cve": "CVE-2026-23295",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23295"
},
{
"cve": "CVE-2026-23296",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23296"
},
{
"cve": "CVE-2026-23297",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23297"
},
{
"cve": "CVE-2026-23298",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23298"
},
{
"cve": "CVE-2026-23299",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23299"
},
{
"cve": "CVE-2026-23300",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23300"
},
{
"cve": "CVE-2026-23301",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23301"
},
{
"cve": "CVE-2026-23302",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23302"
},
{
"cve": "CVE-2026-23303",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23303"
},
{
"cve": "CVE-2026-23304",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23304"
},
{
"cve": "CVE-2026-23305",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23305"
},
{
"cve": "CVE-2026-23306",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23306"
},
{
"cve": "CVE-2026-23307",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23307"
},
{
"cve": "CVE-2026-23308",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23308"
},
{
"cve": "CVE-2026-23309",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23309"
},
{
"cve": "CVE-2026-23310",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23310"
},
{
"cve": "CVE-2026-23311",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23311"
},
{
"cve": "CVE-2026-23312",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23312"
},
{
"cve": "CVE-2026-23313",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23313"
},
{
"cve": "CVE-2026-23314",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23314"
},
{
"cve": "CVE-2026-23315",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23315"
},
{
"cve": "CVE-2026-23316",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23316"
},
{
"cve": "CVE-2026-23317",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-23318",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23318"
},
{
"cve": "CVE-2026-23319",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23319"
},
{
"cve": "CVE-2026-23320",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23320"
},
{
"cve": "CVE-2026-23321",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23321"
},
{
"cve": "CVE-2026-23322",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23322"
},
{
"cve": "CVE-2026-23323",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23323"
},
{
"cve": "CVE-2026-23324",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23324"
},
{
"cve": "CVE-2026-23325",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23325"
},
{
"cve": "CVE-2026-23326",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23326"
},
{
"cve": "CVE-2026-23327",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23327"
},
{
"cve": "CVE-2026-23328",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23328"
},
{
"cve": "CVE-2026-23329",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23329"
},
{
"cve": "CVE-2026-23330",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23330"
},
{
"cve": "CVE-2026-23331",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23331"
},
{
"cve": "CVE-2026-23332",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23332"
},
{
"cve": "CVE-2026-23333",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23333"
},
{
"cve": "CVE-2026-23334",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23334"
},
{
"cve": "CVE-2026-23335",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23335"
},
{
"cve": "CVE-2026-23336",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23336"
},
{
"cve": "CVE-2026-23337",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23337"
},
{
"cve": "CVE-2026-23338",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23338"
},
{
"cve": "CVE-2026-23339",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23339"
},
{
"cve": "CVE-2026-23340",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23340"
},
{
"cve": "CVE-2026-23341",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23341"
},
{
"cve": "CVE-2026-23342",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23342"
},
{
"cve": "CVE-2026-23343",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23343"
},
{
"cve": "CVE-2026-23344",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23344"
},
{
"cve": "CVE-2026-23345",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23345"
},
{
"cve": "CVE-2026-23346",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23346"
},
{
"cve": "CVE-2026-23347",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23347"
},
{
"cve": "CVE-2026-23348",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23348"
},
{
"cve": "CVE-2026-23349",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23349"
},
{
"cve": "CVE-2026-23350",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23350"
},
{
"cve": "CVE-2026-23351",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23351"
},
{
"cve": "CVE-2026-23352",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23352"
},
{
"cve": "CVE-2026-23353",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23353"
},
{
"cve": "CVE-2026-23354",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23354"
},
{
"cve": "CVE-2026-23355",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23355"
},
{
"cve": "CVE-2026-23356",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23356"
},
{
"cve": "CVE-2026-23357",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23357"
},
{
"cve": "CVE-2026-23358",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23358"
},
{
"cve": "CVE-2026-23359",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23359"
},
{
"cve": "CVE-2026-23360",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23360"
},
{
"cve": "CVE-2026-23361",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23361"
},
{
"cve": "CVE-2026-23362",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23362"
},
{
"cve": "CVE-2026-23363",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23363"
},
{
"cve": "CVE-2026-23364",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23364"
},
{
"cve": "CVE-2026-23365",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23365"
},
{
"cve": "CVE-2026-23366",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23366"
},
{
"cve": "CVE-2026-23367",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23367"
},
{
"cve": "CVE-2026-23368",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23368"
},
{
"cve": "CVE-2026-23369",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23369"
},
{
"cve": "CVE-2026-23370",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23370"
},
{
"cve": "CVE-2026-23371",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23371"
},
{
"cve": "CVE-2026-23372",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23372"
},
{
"cve": "CVE-2026-23373",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23373"
},
{
"cve": "CVE-2026-23374",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23374"
},
{
"cve": "CVE-2026-23375",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23375"
},
{
"cve": "CVE-2026-23376",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23376"
},
{
"cve": "CVE-2026-23377",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23377"
},
{
"cve": "CVE-2026-23378",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23378"
},
{
"cve": "CVE-2026-23379",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23379"
},
{
"cve": "CVE-2026-23380",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23380"
},
{
"cve": "CVE-2026-23381",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23381"
},
{
"cve": "CVE-2026-23382",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23382"
},
{
"cve": "CVE-2026-23383",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23383"
},
{
"cve": "CVE-2026-23384",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23384"
},
{
"cve": "CVE-2026-23385",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23385"
},
{
"cve": "CVE-2026-23386",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23386"
},
{
"cve": "CVE-2026-23387",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23387"
},
{
"cve": "CVE-2026-23388",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23388"
},
{
"cve": "CVE-2026-23389",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23389"
},
{
"cve": "CVE-2026-23390",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23390"
},
{
"cve": "CVE-2026-23391",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23391"
},
{
"cve": "CVE-2026-23392",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23392"
},
{
"cve": "CVE-2026-23393",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23393"
},
{
"cve": "CVE-2026-23394",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23394"
},
{
"cve": "CVE-2026-23395",
"product_status": {
"known_affected": [
"T028462"
]
},
"release_date": "2026-03-24T23:00:00.000+00:00",
"title": "CVE-2026-23395"
}
]
}
CERTFR-2026-AVI-0497
Vulnerability from certfr_avis - Published: 2026-04-24 - Updated: 2026-04-24
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP5 | ||
| SUSE | SUSE Linux Enterprise High Availability Extension | SUSE Linux Enterprise High Availability Extension 15 SP4 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP5 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP7 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 16.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP6 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 12 SP5 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing 15 SP4 | ||
| SUSE | SUSE Manager Retail Branch Server | SUSE Manager Retail Branch Server 4.3 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 12-SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP6 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP7 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 12 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 LTSS | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.4 | ||
| SUSE | SUSE Linux Enterprise High Performance Computing | SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 | ||
| SUSE | SUSE Linux Micro Extras | SUSE Linux Micro Extras 6.1 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP5 | ||
| SUSE | openSUSE Leap | openSUSE Leap 15.6 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.3 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP applications 16.0 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.3 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP6 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP4 | ||
| SUSE | SUSE Manager Proxy | SUSE Manager Proxy 4.3 | ||
| SUSE | SUSE Linux Micro Extras | SUSE Linux Micro Extras 6.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP7 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro for Rancher 5.2 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server for SAP Applications 15 SP4 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.2 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.5 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP4 | ||
| SUSE | SUSE Linux Enterprise Real Time | SUSE Linux Enterprise Real Time 15 SP6 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.1 | ||
| SUSE | SUSE Linux Micro | SUSE Linux Micro 6.0 | ||
| SUSE | SUSE Linux Enterprise Server | SUSE Linux Enterprise Server 15 SP7 | ||
| SUSE | SUSE Manager Server | SUSE Manager Server 4.3 | ||
| SUSE | SUSE Real Time Module | SUSE Real Time Module 15-SP7 | ||
| SUSE | SUSE Linux Enterprise Micro | SUSE Linux Enterprise Micro 5.4 | ||
| SUSE | SUSE Linux Enterprise Live Patching | SUSE Linux Enterprise Live Patching 15-SP4 | ||
| SUSE | SUSE Linux Micro Extras | SUSE Linux Micro Extras 6.0 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Availability Extension 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 16.0",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 12 SP5",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Retail Branch Server 4.3",
"product": {
"name": "SUSE Manager Retail Branch Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 12-SP5",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP6",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP7",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing LTSS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4 LTSS",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.1",
"product": {
"name": "SUSE Linux Micro Extras",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "openSUSE Leap 15.6",
"product": {
"name": "openSUSE Leap",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP applications 16.0",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Proxy 4.3",
"product": {
"name": "SUSE Manager Proxy",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.2",
"product": {
"name": "SUSE Linux Micro Extras",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro for Rancher 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server for SAP Applications 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.2",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Real Time 15 SP6",
"product": {
"name": "SUSE Linux Enterprise Real Time",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Server 15 SP7",
"product": {
"name": "SUSE Linux Enterprise Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Manager Server 4.3",
"product": {
"name": "SUSE Manager Server",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Real Time Module 15-SP7",
"product": {
"name": "SUSE Real Time Module",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Enterprise Live Patching 15-SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching",
"vendor": {
"name": "SUSE",
"scada": false
}
}
},
{
"description": "SUSE Linux Micro Extras 6.0",
"product": {
"name": "SUSE Linux Micro Extras",
"vendor": {
"name": "SUSE",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-23202",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23202"
},
{
"name": "CVE-2026-23054",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23054"
},
{
"name": "CVE-2026-23072",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23072"
},
{
"name": "CVE-2026-23281",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23281"
},
{
"name": "CVE-2026-23069",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23069"
},
{
"name": "CVE-2026-23293",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23293"
},
{
"name": "CVE-2026-23297",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23297"
},
{
"name": "CVE-2026-23187",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23187"
},
{
"name": "CVE-2026-23136",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23136"
},
{
"name": "CVE-2025-68794",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68794"
},
{
"name": "CVE-2025-40309",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40309"
},
{
"name": "CVE-2026-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23383"
},
{
"name": "CVE-2026-23412",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23412"
},
{
"name": "CVE-2026-5201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5201"
},
{
"name": "CVE-2026-23047",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23047"
},
{
"name": "CVE-2026-23268",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23268"
},
{
"name": "CVE-2026-23304",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23304"
},
{
"name": "CVE-2026-23209",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23209"
},
{
"name": "CVE-2026-23326",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23326"
},
{
"name": "CVE-2026-23317",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23317"
},
{
"name": "CVE-2025-38234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-38234"
},
{
"name": "CVE-2025-71239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71239"
},
{
"name": "CVE-2026-23207",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23207"
},
{
"name": "CVE-2026-23138",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23138"
},
{
"name": "CVE-2026-23204",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23204"
},
{
"name": "CVE-2026-23125",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23125"
},
{
"name": "CVE-2026-23319",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23319"
},
{
"name": "CVE-2026-23270",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23270"
},
{
"name": "CVE-2026-23030",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23030"
},
{
"name": "CVE-2026-23240",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23240"
},
{
"name": "CVE-2026-23191",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23191"
},
{
"name": "CVE-2026-23169",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23169"
},
{
"name": "CVE-2026-23201",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23201"
},
{
"name": "CVE-2026-23103",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23103"
},
{
"name": "CVE-2026-23074",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23074"
},
{
"name": "CVE-2025-71125",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71125"
},
{
"name": "CVE-2026-23262",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23262"
},
{
"name": "CVE-2026-23088",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23088"
},
{
"name": "CVE-2026-23414",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23414"
},
{
"name": "CVE-2026-22999",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22999"
},
{
"name": "CVE-2026-23216",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23216"
},
{
"name": "CVE-2026-23239",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23239"
},
{
"name": "CVE-2025-40201",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40201"
},
{
"name": "CVE-2025-39998",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39998"
},
{
"name": "CVE-2026-23259",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23259"
},
{
"name": "CVE-2026-23255",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23255"
},
{
"name": "CVE-2026-23140",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23140"
},
{
"name": "CVE-2025-71269",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71269"
},
{
"name": "CVE-2026-23243",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23243"
},
{
"name": "CVE-2026-23193",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23193"
},
{
"name": "CVE-2026-23215",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23215"
},
{
"name": "CVE-2026-23379",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23379"
},
{
"name": "CVE-2026-23381",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23381"
},
{
"name": "CVE-2026-23242",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23242"
},
{
"name": "CVE-2026-23274",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23274"
},
{
"name": "CVE-2025-71066",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71066"
},
{
"name": "CVE-2026-23361",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23361"
},
{
"name": "CVE-2025-71268",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71268"
},
{
"name": "CVE-2026-23425",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23425"
},
{
"name": "CVE-2026-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23278"
},
{
"name": "CVE-2026-23343",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23343"
},
{
"name": "CVE-2026-23120",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23120"
},
{
"name": "CVE-2026-23292",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23292"
},
{
"name": "CVE-2026-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23277"
},
{
"name": "CVE-2025-68818",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68818"
},
{
"name": "CVE-2026-23335",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23335"
},
{
"name": "CVE-2026-31788",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31788"
},
{
"name": "CVE-2026-23393",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23393"
},
{
"name": "CVE-2025-39817",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-39817"
},
{
"name": "CVE-2024-38542",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38542"
},
{
"name": "CVE-2026-23272",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23272"
},
{
"name": "CVE-2025-40253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40253"
},
{
"name": "CVE-2026-23395",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23395"
},
{
"name": "CVE-2025-71120",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71120"
},
{
"name": "CVE-2026-23413",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23413"
},
{
"name": "CVE-2026-23111",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23111"
},
{
"name": "CVE-2025-71231",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-71231"
},
{
"name": "CVE-2026-23157",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23157"
},
{
"name": "CVE-2026-23231",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23231"
},
{
"name": "CVE-2026-23419",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23419"
},
{
"name": "CVE-2026-23386",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23386"
},
{
"name": "CVE-2026-23398",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23398"
},
{
"name": "CVE-2025-40159",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-40159"
},
{
"name": "CVE-2026-23154",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23154"
}
],
"initial_release_date": "2026-04-24T00:00:00",
"last_revision_date": "2026-04-24T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0497",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le noyau Linux de SUSE. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans le noyau Linux de SUSE",
"vendor_advisories": [
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1532-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261532-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21230-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621230-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1463-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261463-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1574-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261574-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1527-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261527-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21114-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621114-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1531-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261531-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1583-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261583-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1505-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261505-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21221-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621221-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21120-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621120-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21123-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621123-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1573-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261573-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1578-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261578-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21122-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621122-1"
},
{
"published_at": "2026-04-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1458-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261458-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1560-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261560-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21131-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621131-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1469-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261469-1"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1444-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261444-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1537-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261537-1"
},
{
"published_at": "2026-04-13",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21129-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621129-1"
},
{
"published_at": "2026-04-22",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1557-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261557-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1535-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261535-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1464-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261464-1"
},
{
"published_at": "2026-04-19",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1456-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261456-1"
},
{
"published_at": "2026-04-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1447-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261447-1"
},
{
"published_at": "2026-04-21",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1513-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261513-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1563-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261563-1"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21255-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621255-1"
},
{
"published_at": "2026-04-18",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1454-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261454-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:21237-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621237-1"
},
{
"published_at": "2026-04-20",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1468-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261468-1"
},
{
"published_at": "2026-04-23",
"title": "Bulletin de s\u00e9curit\u00e9 SUSE SUSE-SU-2026:1575-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261575-1"
}
]
}
FKIE_CVE-2026-23335
Vulnerability from fkie_nvd - Published: 2026-03-25 11:16 - Updated: 2026-04-23 21:13
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
struct irdma_create_ah_resp { // 8 bytes, no padding
__u32 ah_id; // offset 0 - SET (uresp.ah_id = ah->sc_ah.ah_info.ah_idx)
__u8 rsvd[4]; // offset 4 - NEVER SET <- LEAK
};
rsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().
The reserved members of the structure were not zeroed.
References
| URL | Tags | ||
|---|---|---|---|
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8 | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a | Patch | |
| 416baaa9-dc9f-4396-8d5f-8c081fb06d67 | https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84 | Patch |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | * | |
| linux | linux_kernel | 5.14 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 | |
| linux | linux_kernel | 7.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6B079407-83B2-4F8B-863E-9DEB27376206",
"versionEndExcluding": "5.15.203",
"versionStartIncluding": "5.14.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2EDC6BAF-B710-4E26-B6AA-D68922EE7B43",
"versionEndExcluding": "6.1.167",
"versionStartIncluding": "5.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C57BB918-DF28-46B3-94F7-144176841267",
"versionEndExcluding": "6.6.130",
"versionStartIncluding": "6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3D12E00-E42D-4056-B354-BAD4903C03A5",
"versionEndExcluding": "6.12.77",
"versionStartIncluding": "6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E006E4-59C7-43C1-9231-62A72219F2BA",
"versionEndExcluding": "6.18.17",
"versionStartIncluding": "6.13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "69245D10-0B71-485E-80C3-A64F077004D3",
"versionEndExcluding": "6.19.7",
"versionStartIncluding": "6.19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:5.14:-:*:*:*:*:*:*",
"matchCriteriaId": "6A05198E-F8FA-4517-8D0E-8C95066AED38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "F253B622-8837-4245-BCE5-A7BF8FC76A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "4AE85AD8-4641-4E7C-A2F4-305E2CD9EE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F666C8D8-6538-46D4-B318-87610DE64C34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc4:*:*:*:*:*:*",
"matchCriteriaId": "02259FDA-961B-47BC-AE7F-93D7EC6E90C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc5:*:*:*:*:*:*",
"matchCriteriaId": "58A9FEFF-C040-420D-8F0A-BFDAAA1DF258",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc6:*:*:*:*:*:*",
"matchCriteriaId": "1D2315C0-D46F-4F85-9754-F9E5E11374A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:7.0:rc7:*:*:*:*:*:*",
"matchCriteriaId": "512EE3A8-A590-4501-9A94-5D4B268D6138",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, no padding\n __u32 ah_id; // offset 0 - SET (uresp.ah_id = ah-\u003esc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // offset 4 - NEVER SET \u003c- LEAK\n};\n\nrsvd[4]: 4 bytes of stack memory leaked unconditionally. Only ah_id is assigned before ib_respond_udata().\n\nThe reserved members of the structure were not zeroed."
},
{
"lang": "es",
"value": "En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:\n\nRDMA/irdma: Correcci\u00f3n de fuga de pila del kernel en irdma_create_user_ah()\n\nstruct irdma_create_ah_resp { // 8 bytes, sin relleno\n __u32 ah_id; // desplazamiento 0 - ESTABLECIDO (uresp.ah_id = ah-\u0026gt;sc_ah.ah_info.ah_idx)\n __u8 rsvd[4]; // desplazamiento 4 - NUNCA ESTABLECIDO \u0026lt;- FUGA\n};\n\nrsvd[4]: 4 bytes de memoria de pila filtrados incondicionalmente. Solo ah_id se asigna antes de ib_respond_udata().\n\nLos miembros reservados de la estructura no fueron puestos a cero."
}
],
"id": "CVE-2026-23335",
"lastModified": "2026-04-23T21:13:06.170",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-25T11:16:31.050",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/14b47c07c69930254f549a17ee245c80a65b1609"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1b1fac4c7a3ab7f52e9cfb91e5c91216646ca4d8"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/1f70df004fdd944653013ccc2e1dfd472a693b46"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/2fd37450d271d74b3847baed284f9cfdf198c6f8"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/74586c6da9ea222a61c98394f2fc0a604748438c"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/c9bd0007c4bdb7806bbd323287e50f9cf467c51a"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
],
"url": "https://git.kernel.org/stable/c/cfe962216c164fe2b1c1fb6ac925a7413f5abc84"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…