CVE-2026-46300 (GCVE-0-2026-46300)
Vulnerability from cvelistv5 – Published: 2026-05-23 11:44 – Updated: 2026-07-02 12:05
Title
net: skbuff: preserve shared-frag marker during coalescing
Summary
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: preserve shared-frag marker during coalescing
skb_try_coalesce() can attach paged frags from @from to @to. If @from
has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same
externally-owned or page-cache-backed frags, but the shared-frag marker
is currently lost.
That breaks the invariant relied on by later in-place writers. In
particular, ESP input checks skb_has_shared_frag() before deciding
whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP
receive coalescing has moved shared frags into an unmarked skb, ESP can
see skb_has_shared_frag() as false and decrypt in place over page-cache
backed frags.
Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged
frags. The tailroom copy path does not need the marker because it copies
bytes into @to's linear data rather than transferring frag descriptors.
Severity
7.8 (High)
CWE
- CWE-123 - Write-what-where Condition
Assigner
References
47 references
Impacted products
59 products
| Vendor | Product | Version / CPE |
|---|---|---|
| Linux | Linux | Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3599e6b3cc1ada96883d496a50a210d3afbb6987 (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 9d3e5fd19fe1063bf607219e8562fbd567b8e8d5 (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 78bf6b6bb19541d19fbda6242e7cfe2c682763c0 (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3bd9e113d50034db99d7ef69fd8e5242d15e414a (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < 3884358a9286b17f389a72b1426fc4547c23c111 (git); Affected: cef401de7be8c4e155c6746bfccf721a4fa5fab9 , < f84eca5817390257cef78013d0112481c503b4a3 (git) |
| Linux | Linux | Affected: 3.9; Unaffected: 0 , < 3.9 (semver); Unaffected: 5.10.257 , ≤ 5.10.* (semver); Unaffected: 5.15.208 , ≤ 5.15.* (semver); Unaffected: 6.1.174 , ≤ 6.1.* (semver); Unaffected: 6.6.141 , ≤ 6.6.* (semver); Unaffected: 6.12.91 , ≤ 6.12.* (semver); Unaffected: 6.18.33 , ≤ 6.18.* (semver); Unaffected: 7.0.10 , ≤ 7.0.* (semver); Unaffected: 7.1 , ≤ * (original_commit_for_fix) |
| Red Hat | NVIDIA for RHEL 10 | cpe:/a:redhat:enterprise_linux_nvidia:10::el10 |
| Red Hat | Red Hat OpenShift Container Platform 4.21 | cpe:/a:redhat:openshift:4.21::el10; cpe:/a:redhat:openshift:4.21::el8; cpe:/a:redhat:openshift:4.21::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.12 | cpe:/a:redhat:openshift:4.12::el8 |
| Red Hat | Red Hat OpenShift Container Platform 4.13 | cpe:/a:redhat:openshift:4.13::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.14 | cpe:/a:redhat:openshift:4.14::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.15 | cpe:/a:redhat:openshift:4.15::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.16 | cpe:/a:redhat:openshift:4.16::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.18 | cpe:/a:redhat:openshift:4.18::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.19 | cpe:/a:redhat:openshift:4.19::el9 |
| Red Hat | Red Hat OpenShift Container Platform 4.20 | cpe:/a:redhat:openshift:4.20::el9 |
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 |
| Red Hat | Red Hat Enterprise Linux AppStream (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.0) | cpe:/a:redhat:rhel_e4s:9.0::appstream |
| Red Hat | Red Hat Enterprise Linux AppStream E4S (v.9.2) | cpe:/a:redhat:rhel_e4s:9.2::appstream |
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.4) | cpe:/a:redhat:rhel_eus:9.4::appstream |
| Red Hat | Red Hat Enterprise Linux AppStream EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::appstream |
| Red Hat | Red Hat Enterprise Linux AppStream (v. 9) | cpe:/a:redhat:enterprise_linux:9::appstream |
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 |
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 8) | cpe:/o:redhat:enterprise_linux:8::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.4) | cpe:/o:redhat:rhel_aus:8.4::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4) | cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS AUS (v.8.6) | cpe:/o:redhat:rhel_aus:8.6::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.6) | cpe:/o:redhat:rhel_e4s:8.6::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.6) | cpe:/o:redhat:rhel_tus:8.6::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.8.8) | cpe:/o:redhat:rhel_e4s:8.8::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS TUS (v.8.8) | cpe:/o:redhat:rhel_tus:8.8::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.0) | cpe:/o:redhat:rhel_e4s:9.0::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.2) | cpe:/o:redhat:rhel_e4s:9.2::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS E4S (v.9.4) | cpe:/o:redhat:rhel_e4s:9.4::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.4) | cpe:/o:redhat:rhel_eus:9.4::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS EUS (v.9.6) | cpe:/o:redhat:rhel_eus:9.6::baseos |
| Red Hat | Red Hat Enterprise Linux BaseOS (v. 9) | cpe:/o:redhat:enterprise_linux:9::baseos |
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 |
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux CRB (v. 8) | cpe:/a:redhat:enterprise_linux:8::crb |
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.4) | cpe:/a:redhat:rhel_eus:9.4::crb |
| Red Hat | Red Hat CodeReady Linux Builder EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::crb |
| Red Hat | Red Hat Enterprise Linux CodeReady Linux Builder (v. 9) | cpe:/a:redhat:enterprise_linux:9::crb |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux NFV (v. 8) | cpe:/a:redhat:enterprise_linux:8::nfv |
| Red Hat | Red Hat Enterprise Linux NFV E4S (v.9.0) | cpe:/a:redhat:rhel_e4s:9.0::nfv |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2) | cpe:/a:redhat:rhel_e4s:9.2::nfv |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4) | cpe:/a:redhat:rhel_eus:9.4::nfv |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::nfv |
| Red Hat | Red Hat Enterprise Linux Real Time for NFV (v. 9) | cpe:/a:redhat:enterprise_linux:9::nfv |
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v. 10.0) | cpe:/o:redhat:enterprise_linux_eus:10.0 |
| Red Hat | Red Hat Enterprise Linux Real Time (v. 10) | cpe:/o:redhat:enterprise_linux:10.2 |
| Red Hat | Red Hat Enterprise Linux RT (v. 8) | cpe:/a:redhat:enterprise_linux:8::realtime |
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.0) | cpe:/a:redhat:rhel_e4s:9.0::realtime |
| Red Hat | Red Hat Enterprise Linux Real Time E4S (v.9.2) | cpe:/a:redhat:rhel_e4s:9.2::realtime |
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.4) | cpe:/a:redhat:rhel_eus:9.4::realtime |
| Red Hat | Red Hat Enterprise Linux Real Time EUS (v.9.6) | cpe:/a:redhat:rhel_eus:9.6::realtime |
| Red Hat | Red Hat Enterprise Linux Real Time (v. 9) | cpe:/a:redhat:enterprise_linux:9::realtime |
| Red Hat | Red Hat Enterprise Linux 6 | cpe:/o:redhat:enterprise_linux:6 |
| Red Hat | Red Hat Enterprise Linux 7 | cpe:/o:redhat:enterprise_linux:7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-23T12:24:19.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/13/5"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/11"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/12"
},
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/21/13"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_nvidia:10::el10"
],
"defaultStatus": "affected",
"product": "NVIDIA for RHEL 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.21::el10",
"cpe:/a:redhat:openshift:4.21::el8",
"cpe:/a:redhat:openshift:4.21::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.21",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.12::el8"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.12",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.13::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.13",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.14::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.14",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.15::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.15",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.16::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.16",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.18::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.18",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.19::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.19",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4.20::el9"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4.20",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux AppStream (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS AUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS TUS (v.8.8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS E4S (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:rhel_eus:9.6::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux BaseOS (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CRB (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::crb"
],
"defaultStatus": "affected",
"product": "Red Hat CodeReady Linux Builder EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux CodeReady Linux Builder (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux NFV E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::nfv"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time for NFV (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux_eus:10.0"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v. 10.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.2"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 10)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux RT (v. 8)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.0::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.0)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_e4s:9.2::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time E4S (v.9.2)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.4::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.4)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:rhel_eus:9.6::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time EUS (v.9.6)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::realtime"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux Real Time (v. 9)",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-13T12:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel\u0027s XFRM ESP-in-TCP subsystem. Unsafe in-place cryptographic processing allows a low-privileged local attacker to write arbitrary bytes into the page cache of read-only files, including sensitive system files. An attacker can exploit this to overwrite privileged binaries and gain root privileges."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T12:05:08.415Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-46300"
},
{
"name": "RHBZ#2477015",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477015"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-46300.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19540"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:33486"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHBA-2026:20032"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21695"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21690"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:28887"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23233"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20087"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:25044"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21656"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23245"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:21702"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23240"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20299"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19569"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19705"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20593"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20054"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20129"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19568"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19666"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23470"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20130"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:20051"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19521"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23471"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23469"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:24814"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:23468"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19664"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19711"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:19875"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:19540: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHSA-2026:33486: NVIDIA for RHEL 10"
},
{
"lang": "en",
"value": "RHBA-2026:20032: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:21695: Red Hat OpenShift Container Platform 4.12"
},
{
"lang": "en",
"value": "RHSA-2026:21690: Red Hat OpenShift Container Platform 4.13"
},
{
"lang": "en",
"value": "RHSA-2026:28887: Red Hat OpenShift Container Platform 4.14"
},
{
"lang": "en",
"value": "RHSA-2026:23233: Red Hat OpenShift Container Platform 4.15"
},
{
"lang": "en",
"value": "RHSA-2026:20087: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:25044: Red Hat OpenShift Container Platform 4.16"
},
{
"lang": "en",
"value": "RHSA-2026:21656: Red Hat OpenShift Container Platform 4.18"
},
{
"lang": "en",
"value": "RHSA-2026:23245: Red Hat OpenShift Container Platform 4.19"
},
{
"lang": "en",
"value": "RHSA-2026:21702: Red Hat OpenShift Container Platform 4.20"
},
{
"lang": "en",
"value": "RHSA-2026:23240: Red Hat OpenShift Container Platform 4.21"
},
{
"lang": "en",
"value": "RHSA-2026:20299: Red Hat Enterprise Linux AppStream EUS (v. 10.0), Red Hat Enterprise Linux BaseOS EUS (v. 10.0), Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0), Red Hat Enterprise Linux Real Time EUS (v. 10.0), Red Hat Enterprise Linux Real Time for NFV EUS (v. 10.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19569: Red Hat Enterprise Linux AppStream (v. 10), Red Hat Enterprise Linux BaseOS (v. 10), Red Hat Enterprise Linux CodeReady Linux Builder (v. 10), Red Hat Enterprise Linux Real Time (v. 10), Red Hat Enterprise Linux Real Time for NFV (v. 10)"
},
{
"lang": "en",
"value": "RHSA-2026:19705: Red Hat Enterprise Linux AppStream E4S (v.9.0), Red Hat Enterprise Linux BaseOS E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:20593: Red Hat Enterprise Linux AppStream E4S (v.9.2), Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:20054: Red Hat CodeReady Linux Builder EUS (v.9.4), Red Hat Enterprise Linux AppStream EUS (v.9.4), Red Hat Enterprise Linux BaseOS EUS (v.9.4), Red Hat Enterprise Linux Real Time EUS (v.9.4), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20129: Red Hat CodeReady Linux Builder EUS (v.9.6), Red Hat Enterprise Linux AppStream EUS (v.9.6), Red Hat Enterprise Linux BaseOS EUS (v.9.6), Red Hat Enterprise Linux Real Time EUS (v.9.6), Red Hat Enterprise Linux Real Time for NFV EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19568: Red Hat Enterprise Linux AppStream (v. 9), Red Hat Enterprise Linux BaseOS (v. 9), Red Hat Enterprise Linux CodeReady Linux Builder (v. 9), Red Hat Enterprise Linux Real Time (v. 9), Red Hat Enterprise Linux Real Time for NFV (v. 9)"
},
{
"lang": "en",
"value": "RHSA-2026:19666: Red Hat Enterprise Linux BaseOS (v. 8), Red Hat Enterprise Linux CRB (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:23470: Red Hat Enterprise Linux BaseOS (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:20130: Red Hat Enterprise Linux BaseOS AUS (v.8.4), Red Hat Enterprise Linux BaseOS EUS EXTENSION (v.8.4)"
},
{
"lang": "en",
"value": "RHSA-2026:20051: Red Hat Enterprise Linux BaseOS AUS (v.8.6), Red Hat Enterprise Linux BaseOS E4S (v.8.6), Red Hat Enterprise Linux BaseOS TUS (v.8.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19521: Red Hat Enterprise Linux BaseOS E4S (v.8.8), Red Hat Enterprise Linux BaseOS TUS (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23471: Red Hat Enterprise Linux BaseOS E4S (v.8.8)"
},
{
"lang": "en",
"value": "RHSA-2026:23469: Red Hat Enterprise Linux BaseOS E4S (v.9.2)"
},
{
"lang": "en",
"value": "RHSA-2026:24814: Red Hat Enterprise Linux BaseOS E4S (v.9.4)"
},
{
"lang": "en",
"value": "RHSA-2026:23468: Red Hat Enterprise Linux BaseOS EUS (v.9.6)"
},
{
"lang": "en",
"value": "RHSA-2026:19664: Red Hat Enterprise Linux NFV (v. 8), Red Hat Enterprise Linux RT (v. 8)"
},
{
"lang": "en",
"value": "RHSA-2026:19711: Red Hat Enterprise Linux NFV E4S (v.9.0), Red Hat Enterprise Linux Real Time E4S (v.9.0)"
},
{
"lang": "en",
"value": "RHSA-2026:19875: Red Hat Enterprise Linux Real Time E4S (v.9.2), Red Hat Enterprise Linux Real Time for NFV E4S (v.9.2)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-13T13:28:21.270Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-13T12:00:00.000Z",
"value": "Made public."
}
],
"title": "kernel: \"Fragnesia\" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel",
"workarounds": [
{
"lang": "en",
"value": "See the security bulletin for a detailed mitigation procedure."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "3599e6b3cc1ada96883d496a50a210d3afbb6987",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "9d3e5fd19fe1063bf607219e8562fbd567b8e8d5",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "78bf6b6bb19541d19fbda6242e7cfe2c682763c0",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "3bd9e113d50034db99d7ef69fd8e5242d15e414a",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "3884358a9286b17f389a72b1426fc4547c23c111",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
},
{
"lessThan": "f84eca5817390257cef78013d0112481c503b4a3",
"status": "affected",
"version": "cef401de7be8c4e155c6746bfccf721a4fa5fab9",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"net/core/skbuff.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.9"
},
{
"lessThan": "3.9",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.257",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.208",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.174",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.141",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.91",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.33",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.0.*",
"status": "unaffected",
"version": "7.0.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "7.1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.257",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.208",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.174",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.141",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.91",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.33",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.10",
"versionStartIncluding": "3.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1",
"versionStartIncluding": "3.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-14T18:07:34.359Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3599e6b3cc1ada96883d496a50a210d3afbb6987"
},
{
"url": "https://git.kernel.org/stable/c/2f2b16022a2e10ca7bccfb98db5ed2ec0f72641c"
},
{
"url": "https://git.kernel.org/stable/c/9d3e5fd19fe1063bf607219e8562fbd567b8e8d5"
},
{
"url": "https://git.kernel.org/stable/c/78bf6b6bb19541d19fbda6242e7cfe2c682763c0"
},
{
"url": "https://git.kernel.org/stable/c/760e1addc27ba1a7beb4a0a7e8b3e9ec49e7a34e"
},
{
"url": "https://git.kernel.org/stable/c/3bd9e113d50034db99d7ef69fd8e5242d15e414a"
},
{
"url": "https://git.kernel.org/stable/c/3884358a9286b17f389a72b1426fc4547c23c111"
},
{
"url": "https://git.kernel.org/stable/c/f84eca5817390257cef78013d0112481c503b4a3"
}
],
"title": "net: skbuff: preserve shared-frag marker during coalescing",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2026-46300",
"datePublished": "2026-05-23T11:44:02.231Z",
"dateReserved": "2026-05-13T15:03:33.111Z",
"dateUpdated": "2026-07-02T12:05:08.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-46300",
"date": "2026-07-04",
"epss": "0.03663",
"percentile": "0.88284"
}
}
}
SUSE-SU-2026:22402-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:32 - Updated: 2026-06-24 09:32
Summary
Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.0-kernel-467
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
7.8 (High)
8.8 (High)
8.8 (High)
7.8 (High)
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-467",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22402-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22402-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622402-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22402-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-July/027202.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:32:59Z",
"generator": {
"date": "2026-06-24T09:32:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22402-1",
"initial_release_date": "2026-06-24T09:32:59Z",
"revision_history": [
{
"date": "2026-06-24T09:32:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22411-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:59 - Updated: 2026-06-24 09:59
Summary
Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.0-kernel-478
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-478",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22411-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22411-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622411-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22411-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-July/027193.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:59:05Z",
"generator": {
"date": "2026-06-24T09:59:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22411-1",
"initial_release_date": "2026-06-24T09:59:05Z",
"revision_history": [
{
"date": "2026-06-24T09:59:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22412-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:59 - Updated: 2026-06-24 09:59
Summary
Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.0-kernel-479
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | Vendor Fix |
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-479",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22412-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22412-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622412-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22412-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-July/027192.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:59:05Z",
"generator": {
"date": "2026-06-24T09:59:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22412-1",
"initial_release_date": "2026-06-24T09:59:05Z",
"revision_history": [
{
"date": "2026-06-24T09:59:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22425-1
Vulnerability from csaf_suse - Published: 2026-06-25 11:37 - Updated: 2026-06-25 11:37
Summary
Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.0-kernel-492
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-492",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22425-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22425-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622425-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22425-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047870.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-25T11:37:22Z",
"generator": {
"date": "2026-06-25T11:37:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22425-1",
"initial_release_date": "2026-06-25T11:37:22Z",
"revision_history": [
{
"date": "2026-06-25T11:37:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22462-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:32 - Updated: 2026-06-24 09:32
Summary
Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.1-kernel-467
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-467",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22462-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22462-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622462-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22462-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-July/027247.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:32:59Z",
"generator": {
"date": "2026-06-24T09:32:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22462-1",
"initial_release_date": "2026-06-24T09:32:59Z",
"revision_history": [
{
"date": "2026-06-24T09:32:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-42-default-3-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-default-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:32:59Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22474-1
Vulnerability from csaf_suse - Published: 2026-06-25 11:37 - Updated: 2026-06-25 11:37
Summary
Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.1-kernel-492
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-492",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22474-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22474-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622474-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22474-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047932.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-25T11:37:22Z",
"generator": {
"date": "2026-06-25T11:37:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22474-1",
"initial_release_date": "2026-06-25T11:37:22Z",
"revision_history": [
{
"date": "2026-06-25T11:37:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-43-default-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.s390x",
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-default-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:37:22Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22488-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:59 - Updated: 2026-06-24 09:59
Summary
Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.1-kernel-478
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-42.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-478",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22488-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22488-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622488-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22488-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047918.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 20 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:59:05Z",
"generator": {
"date": "2026-06-24T09:59:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22488-1",
"initial_release_date": "2026-06-24T09:59:05Z",
"revision_history": [
{
"date": "2026-06-24T09:59:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. 
Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-42-rt-3-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:22489-1
Vulnerability from csaf_suse - Published: 2026-06-24 09:59 - Updated: 2026-06-24 09:59
Summary
Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).
- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).
- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).
- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46323: net: gro: don't merge zcopy skbs (bsc#1268282).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).
Patchnames: SUSE-SLE-Micro-6.1-kernel-479
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.2 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-43.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (bsc#1261640).\n- CVE-2026-31504: net: fix fanout UAF in packet_release() via NETDEV_UP race (bsc#1263088).\n- CVE-2026-31694: fuse: reject oversized dirents in page cache (bsc#1263902).\n- CVE-2026-43503: final dirty.frag related fixes (bsc#1266229).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46323: net: gro: don\u0027t merge zcopy skbs (bsc#1268282).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n- net/sched: fix pedit partial COW leading to page cache (bsc#1267625).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.1-kernel-479",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_22489-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:22489-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202622489-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:22489-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-July/047917.html"
},
{
"category": "self",
"summary": "SUSE Bug 1261640",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "self",
"summary": "SUSE Bug 1263088",
"url": "https://bugzilla.suse.com/1263088"
},
{
"category": "self",
"summary": "SUSE Bug 1263902",
"url": "https://bugzilla.suse.com/1263902"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE Bug 1266229",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "self",
"summary": "SUSE Bug 1267625",
"url": "https://bugzilla.suse.com/1267625"
},
{
"category": "self",
"summary": "SUSE Bug 1268282",
"url": "https://bugzilla.suse.com/1268282"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31402 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31402/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31504 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31694 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43503 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43503/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46323 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 21 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-24T09:59:05Z",
"generator": {
"date": "2026-06-24T09:59:05Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:22489-1",
"initial_release_date": "2026-06-24T09:59:05Z",
"revision_history": [
{
"date": "2026-06-24T09:59:05Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.1",
"product": {
"name": "SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64 as component of SUSE Linux Micro 6.1",
"product_id": "SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-31402",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31402"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix heap overflow in NFSv4.0 LOCK replay cache\n\nThe NFSv4.0 replay cache uses a fixed 112-byte inline buffer\n(rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses.\nThis size was calculated based on OPEN responses and does not account\nfor LOCK denied responses, which include the conflicting lock owner as\na variable-length field up to 1024 bytes (NFS4_OPAQUE_LIMIT).\n\nWhen a LOCK operation is denied due to a conflict with an existing lock\nthat has a large owner, nfsd4_encode_operation() copies the full encoded\nresponse into the undersized replay buffer via read_bytes_from_xdr_buf()\nwith no bounds check. This results in a slab-out-of-bounds write of up\nto 944 bytes past the end of the buffer, corrupting adjacent heap memory.\n\nThis can be triggered remotely by an unauthenticated attacker with two\ncooperating NFSv4.0 clients: one sets a lock with a large owner string,\nthen the other requests a conflicting lock to provoke the denial.\n\nWe could fix this by increasing NFSD4_REPLAY_ISIZE to allow for a full\nopaque, but that would increase the size of every stateowner, when most\nlockowners are not that large.\n\nInstead, fix this by checking the encoded response length against\nNFSD4_REPLAY_ISIZE before copying into the replay buffer. If the\nresponse is too large, set rp_buflen to 0 to skip caching the replay\npayload. The status is still cached, and the client already received the\ncorrect response on the original request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31402",
"url": "https://www.suse.com/security/cve/CVE-2026-31402"
},
{
"category": "external",
"summary": "SUSE Bug 1261638 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261638"
},
{
"category": "external",
"summary": "SUSE Bug 1261640 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1261640"
},
{
"category": "external",
"summary": "SUSE Bug 1265160 for CVE-2026-31402",
"url": "https://bugzilla.suse.com/1265160"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31402"
},
{
"cve": "CVE-2026-31504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31504"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix fanout UAF in packet_release() via NETDEV_UP race\n\n`packet_release()` has a race window where `NETDEV_UP` can re-register a\nsocket into a fanout group\u0027s `arr[]` array. The re-registration is not\ncleaned up by `fanout_release()`, leaving a dangling pointer in the fanout\narray.\n`packet_release()` does NOT zero `po-\u003enum` in its `bind_lock` section.\nAfter releasing `bind_lock`, `po-\u003enum` is still non-zero and `po-\u003eifindex`\nstill matches the bound device. A concurrent `packet_notifier(NETDEV_UP)`\nthat already found the socket in `sklist` can re-register the hook.\nFor fanout sockets, this re-registration calls `__fanout_link(sk, po)`\nwhich adds the socket back into `f-\u003earr[]` and increments `f-\u003enum_members`,\nbut does NOT increment `f-\u003esk_ref`.\n\nThe fix sets `po-\u003enum` to zero in `packet_release` while `bind_lock` is\nheld to prevent NETDEV_UP from linking, preventing the race window.\n\nThis bug was found following an additional audit with Claude Code based\non CVE-2025-38617.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31504",
"url": "https://www.suse.com/security/cve/CVE-2026-31504"
},
{
"category": "external",
"summary": "SUSE Bug 1263085 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263085"
},
{
"category": "external",
"summary": "SUSE Bug 1263088 for CVE-2026-31504",
"url": "https://bugzilla.suse.com/1263088"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31504"
},
{
"cve": "CVE-2026-31694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31694"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfuse: reject oversized dirents in page cache\n\nfuse_add_dirent_to_cache() computes a serialized dirent size from the\nserver-controlled namelen field and copies the dirent into a single\npage-cache page. The existing logic only checks whether the dirent fits\nin the remaining space of the current page and advances to a fresh page\nif not. It never checks whether the dirent itself exceeds PAGE_SIZE.\n\nAs a result, a malicious FUSE server can return a dirent with\nnamelen=4095, producing a serialized record size of 4120 bytes. On 4 KiB\npage systems this causes memcpy() to overflow the cache page by 24 bytes\ninto the following kernel page.\n\nReject dirents that cannot fit in a single page before copying them into\nthe readdir cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31694",
"url": "https://www.suse.com/security/cve/CVE-2026-31694"
},
{
"category": "external",
"summary": "SUSE Bug 1263901 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263901"
},
{
"category": "external",
"summary": "SUSE Bug 1263902 for CVE-2026-31694",
"url": "https://bugzilla.suse.com/1263902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-31694"
},
{
"cve": "CVE-2026-43503",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43503"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: propagate shared-frag marker through frag-transfer helpers\n\nTwo frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail\nto propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()-\u003eflags when\nmoving frags from source to destination. __pskb_copy_fclone() defers\nthe rest of the shinfo metadata to skb_copy_header() after copying\nfrag descriptors, but that helper only carries over gso_{size,segs,\ntype} and never touches skb_shinfo()-\u003eflags; skb_shift() moves frag\ndescriptors directly and leaves flags untouched. As a result, the\ndestination skb keeps a reference to the same externally-owned or\npage-cache-backed pages while reporting skb_has_shared_frag() as\nfalse.\n\nThe mismatch is harmful in any in-place writer that uses\nskb_has_shared_frag() to decide whether shared pages must be detoured\nthrough skb_cow_data(). ESP input is one such writer (esp4.c,\nesp6.c), and a single nft \u0027dup to \u003clocal\u003e\u0027 rule -- or any other\nnf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()\u0027d\nskb in esp_input() with the marker stripped, letting an unprivileged\nuser write into the page cache of a root-owned read-only file via\nauthencesn-ESN stray writes.\n\nSet SKBFL_SHARED_FRAG on the destination whenever frag descriptors\nwere actually moved from the source. skb_copy() and skb_copy_expand()\nshare skb_copy_header() too but linearize all paged data into freshly\nallocated head storage and emerge with nr_frags == 0, so\nskb_has_shared_frag() returns false on its own; they need no change.\n\nThe same omission exists in skb_gro_receive() and skb_gro_receive_list().\nThe former moves the incoming skb\u0027s frag descriptors into the\naccumulator\u0027s last sub-skb via two paths (a direct frag-move loop and\nthe head_frag + memcpy path); the latter chains the incoming skb whole\nonto p\u0027s frag_list. 
Downstream skb_segment() reads only\nskb_shinfo(p)-\u003eflags, and skb_segment_list() reuses each sub-skb\u0027s\nshinfo as the nskb -- both p and lp must carry the marker.\n\nThe same omission also exists in tcp_clone_payload(), which builds an\nMTU probe skb by moving frag descriptors from skbs on sk_write_queue\ninto a freshly allocated nskb. The helper falls into the same family\nand warrants the same fix for consistency; no TCP TX-side in-place\nwriter is currently known to reach a user page through this gap, but\na future consumer depending on the marker would regress silently.\n\nThe same omission exists in skb_segment(): the per-iteration flag\nmerge takes only head_skb\u0027s flag, and the inner switch that rebinds\nfrag_skb to list_skb on head_skb-frags exhaustion does not fold the\nnew frag_skb\u0027s flag into nskb. Fold frag_skb\u0027s flag at both sites\nso segments drawing frags from frag_list members carry the marker.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43503",
"url": "https://www.suse.com/security/cve/CVE-2026-43503"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1265960"
},
{
"category": "external",
"summary": "SUSE Bug 1266229 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1266229"
},
{
"category": "external",
"summary": "SUSE Bug 1269878 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1269878"
},
{
"category": "external",
"summary": "SUSE Bug 1270098 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270098"
},
{
"category": "external",
"summary": "SUSE Bug 1270100 for CVE-2026-43503",
"url": "https://bugzilla.suse.com/1270100"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-43503"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46323"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: gro: don\u0027t merge zcopy skbs\n\nskb_gro_receive() can currently copy frags between the source and GRO\nskb, without checking the zerocopy status, and in particular the\nSKBFL_MANAGED_FRAG_REFS flag.\n\nWhen SKBFL_MANAGED_FRAG_REFS is set, the skb doesn\u0027t hold a reference\non the pages in shinfo-\u003efrags. Appending those frags to another skb\u0027s\nfrags without fixing up the page refcount can lead to UAF.\n\nWhen either the last skb in the GRO chain (the one we would append\nfrags to) or the source skb is zerocopy, don\u0027t merge the skbs.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46323",
"url": "https://www.suse.com/security/cve/CVE-2026-46323"
},
{
"category": "external",
"summary": "SUSE Bug 1268029 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268029"
},
{
"category": "external",
"summary": "SUSE Bug 1268282 for CVE-2026-46323",
"url": "https://bugzilla.suse.com/1268282"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46323"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.1:kernel-livepatch-6_4_0-43-rt-2-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-24T09:59:05Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
WID-SEC-W-2026-1530
Vulnerability from csaf_certbund - Published: 2026-05-14 22:00 - Updated: 2026-06-16 22:00
Summary
Linux Kernel (Fragnesia): Vulnerability allows gaining administrator privileges
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, case by case, the use and/or implementation of the information provided with the content.
Product description: The kernel is the core of the Linux operating system.
Attack: A local attacker can exploit a vulnerability in the Linux kernel to gain administrator privileges.
Affected operating systems: - Linux
Affected products
Known affected
19 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat OpenShift Container Platform <4.12.91 (Red Hat / OpenShift) | Container Platform <4.12.91 | | |
| IBM QRadar SIEM <7.5.0 UP15 IF04 (IBM / QRadar SIEM) | <7.5.0 UP15 IF04 | | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| Debian Linux (Debian) | cpe:/o:debian:debian_linux:- | — | |
| Oracle Linux (Oracle) | cpe:/o:oracle:linux:- | — | |
| Red Hat OpenShift Container Platform <4.13.67 (Red Hat / OpenShift) | Container Platform <4.13.67 | | |
| Open Source Linux Kernel (Open Source) | cpe:/o:linux:linux_kernel:- | — | |
| Nutanix Files (Nutanix) | cpe:/a:nutanix:files:- | — | |
| Red Hat OpenShift Container Platform <4.18.43 (Red Hat / OpenShift) | Container Platform <4.18.43 | | |
| RESF Rocky Linux (RESF) | cpe:/o:resf:rocky_linux:- | — | |
| Fedora Linux (Fedora) | cpe:/o:fedoraproject:fedora:- | — | |
| Red Hat Enterprise Linux 9.2 (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:9.2 | 9.2 | |
| Nutanix Kubernetes Engine (Nutanix) | cpe:/a:nutanix:kubernetes_engine:- | — | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux (Ubuntu) | cpe:/o:canonical:ubuntu_linux:- | — | |
| SUSE openSUSE (SUSE) | cpe:/o:suse:opensuse:- | — | |
| Red Hat OpenShift <4.21.19 (Red Hat / OpenShift) | <4.21.19 | | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
| Google Container-Optimized OS (Google) | cpe:/o:google:container-optimized_os:- | — | |
References
196 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann eine Schwachstelle in Linux Kernel ausnutzen, um Administratorrechte zu erlangen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1530 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1530.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1530 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1530"
},
{
"category": "external",
"summary": "Red Hat Bugzilla Bug 2477015 vom 2026-05-13",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477015"
},
{
"category": "external",
"summary": "PoC CVE-2026-46300 vom 2026-05-13",
"url": "https://github.com/v12-security/pocs/blob/main/fragnesia%2FREADME.md"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2026-05-13",
"url": "https://access.redhat.com/security/cve/cve-2026-46300"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-CCCB681166 vom 2026-05-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-cccb681166"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-EC1C523FDB vom 2026-05-14",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ec1c523fdb"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-4462EFC052 vom 2026-05-13",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-4462efc052"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1909-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026084.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2-2026-3307 vom 2026-05-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3307.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.10-2026-119 vom 2026-05-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.10-2026-119.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.15-2026-103 vom 2026-05-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.15-2026-103.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1904-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026087.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1907-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026086.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2KERNEL-5.4-2026-122 vom 2026-05-15",
"url": "https://alas.aws.amazon.com/AL2/ALAS2KERNEL-5.4-2026-122.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1899-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026090.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1900-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026089.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1908-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026085.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-2AEB7D033A vom 2026-05-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-2aeb7d033a"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-03BE3DC34B vom 2026-05-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-03be3dc34b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-8B4A8D18D2 vom 2026-05-15",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-8b4a8d18d2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1959-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026125.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:1978-1 vom 2026-05-18",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026140.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-DB3618772B vom 2026-05-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-db3618772b"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-88A1FB9418 vom 2026-05-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-88a1fb9418"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-346FBEC5D5 vom 2026-05-19",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-346fbec5d5"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20758-1 vom 2026-05-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/45QOQVK3DW34MAWEZNOXGCLMB4HJZVDJ/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21673-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026162.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19540 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19540"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21645-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026190.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21646-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026189.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21684-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026154.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19521 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19521"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19875 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19875"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19568 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:19568"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19569 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19569"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19705 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19705"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19664 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19711 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19711"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:19666 vom 2026-05-20",
"url": "https://access.redhat.com/errata/RHSA-2026:19666"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20051 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:20051"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20299 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:20299"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21718-1 vom 2026-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026207.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20054 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:20054"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20129 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:20129"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20130 vom 2026-05-21",
"url": "https://access.redhat.com/errata/RHSA-2026:20130"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21689-1 vom 2026-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026236.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21690-1 vom 2026-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026235.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-19666 vom 2026-05-25",
"url": "https://linux.oracle.com/errata/ELSA-2026-19666.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6295 vom 2026-05-24",
"url": "https://security-tracker.debian.org/tracker/DSA-6295-1"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19666 vom 2026-05-23",
"url": "https://errata.build.resf.org/RLSA-2026:19666"
},
{
"category": "external",
"summary": "Rocky Linux Security Advisory RLSA-2026:19664 vom 2026-05-23",
"url": "https://errata.build.resf.org/RLSA-2026:19664"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20593 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20593"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-299 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-299.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21749-1 vom 2026-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026308.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50287 vom 2026-05-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-50287.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50288 vom 2026-05-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-50288.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21779-1 vom 2026-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026284.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50288 vom 2026-05-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-50288.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50287 vom 2026-05-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-50287.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50286 vom 2026-05-26",
"url": "http://linux.oracle.com/errata/ELSA-2026-50286.html"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50286 vom 2026-05-26",
"url": "https://linux.oracle.com/errata/ELSA-2026-50286.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-295 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-295.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-296 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-296.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-297 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-297.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-298 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-298.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALAS2LIVEPATCH-2026-300 vom 2026-05-26",
"url": "https://alas.aws.amazon.com/AL2/ALAS2LIVEPATCH-2026-300.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21782-1 vom 2026-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026357.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21800-1 vom 2026-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026344.html"
},
{
"category": "external",
"summary": "Nutanix Security Advisory SA-48 vom 2026-05-27",
"url": "https://download.nutanix.com/alerts/Security_Advisory_0048.pdf"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6306 vom 2026-05-28",
"url": "https://lists.debian.org/debian-security-announce/2026/msg00217.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20087 vom 2026-05-29",
"url": "https://access.redhat.com/errata/RHSA-2026:20087"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4606 vom 2026-05-29",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00051.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2111-1 vom 2026-05-30",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026397.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA-4607 vom 2026-05-29",
"url": "https://lists.debian.org/debian-lts-announce/2026/05/msg00052.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2158-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026403.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2133-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026409.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2153-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026404.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2148-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026407.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2176-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026398.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2134-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026411.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2178-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026399.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2168-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026400.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2131-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026410.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2172-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026401.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2159-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026402.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2137-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026408.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2149-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026405.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2141-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026406.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2207-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026438.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2191-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026412.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2189-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026413.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2181-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026414.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2200-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026421.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2199-1 vom 2026-06-01",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026420.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2214-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026440.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21939-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026455.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21924-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026470.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21891-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026501.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8373-1 vom 2026-06-02",
"url": "https://ubuntu.com/security/notices/USN-8373-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21894-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026498.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21923-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026471.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21889-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026503.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21940-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026454.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21922-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026472.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8370-1 vom 2026-06-02",
"url": "https://ubuntu.com/security/notices/USN-8370-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21942-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026452.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21921-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026473.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21886-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026506.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21910-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026483.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21893-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026499.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21926-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026468.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21938-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026456.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21925-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026469.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21890-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026502.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21929-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026465.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21934-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026460.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21935-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026459.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21928-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026466.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21896-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026496.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21936-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026458.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21927-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026467.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8374-1 vom 2026-06-02",
"url": "https://ubuntu.com/security/notices/USN-8374-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21937-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026457.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21908-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026485.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21941-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026453.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21907-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026486.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8371-1 vom 2026-06-02",
"url": "https://ubuntu.com/security/notices/USN-8371-1"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21906-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026487.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21887-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026505.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21931-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026463.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21905-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026488.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21904-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026489.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21892-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026500.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21903-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026490.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21895-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026497.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21902-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026491.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21909-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026484.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21901-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026492.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21888-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026504.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21900-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026493.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21932-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026462.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21930-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026464.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21933-1 vom 2026-06-02",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026461.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21973-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026539.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2238-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026559.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21656 vom 2026-06-03",
"url": "https://access.redhat.com/errata/RHSA-2026:21656"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21702 vom 2026-06-03",
"url": "https://access.redhat.com/errata/RHSA-2026:21702"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21974-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026538.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21970-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026542.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23471 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:23471"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23468 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:23468"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23469 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:23469"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21961-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026548.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21979-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026535.html"
},
{
"category": "external",
"summary": "Container-Optimized OS release notes vom 2026-06-05",
"url": "https://docs.cloud.google.com/container-optimized-os/docs/release-notes#June_04_2026"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50299 vom 2026-06-04",
"url": "http://linux.oracle.com/errata/ELSA-2026-50299.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23470 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:23470"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50294 vom 2026-06-04",
"url": "http://linux.oracle.com/errata/ELSA-2026-50294.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21953-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026556.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21963-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026546.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21960-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026549.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21972-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026540.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21695 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:21695"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:21690 vom 2026-06-04",
"url": "https://access.redhat.com/errata/RHSA-2026:21690"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50293 vom 2026-06-04",
"url": "http://linux.oracle.com/errata/ELSA-2026-50293.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21969-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026543.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21959-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026550.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21957-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026552.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21956-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026553.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21962-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026547.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21968-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026544.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21982-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026532.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21983-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026531.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21971-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026541.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21958-1 vom 2026-06-03",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026551.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22030-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026622.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22033-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026619.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22038-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026614.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22031-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026621.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22039-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026613.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22032-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026620.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22029-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026623.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22035-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026617.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22040-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026612.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22034-1 vom 2026-06-08",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026618.html"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10954-1 vom 2026-06-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SCML3YIY7XP4A5LIAG3VJHEVKSFGU6XF/"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50306 vom 2026-06-09",
"url": "https://linux.oracle.com/errata/ELSA-2026-50306.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:22042-1 vom 2026-06-09",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026664.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:24814 vom 2026-06-09",
"url": "https://access.redhat.com/errata/RHSA-2026:24814"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23245 vom 2026-06-10",
"url": "https://access.redhat.com/errata/RHSA-2026:23245"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23233 vom 2026-06-11",
"url": "https://access.redhat.com/errata/RHSA-2026:23233"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:23240 vom 2026-06-11",
"url": "https://access.redhat.com/errata/RHSA-2026:23240"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-8426-1 vom 2026-06-12",
"url": "https://ubuntu.com/security/notices/USN-8426-1"
},
{
"category": "external",
"summary": "Oracle Linux Security Advisory ELSA-2026-50318 vom 2026-06-16",
"url": "https://linux.oracle.com/errata/ELSA-2026-50318.html"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7276589 vom 2026-06-16",
"url": "https://www.ibm.com/support/pages/node/7276589"
}
],
"source_lang": "en-US",
"title": "Linux Kernel (Fragnesia): Schwachstelle erm\u00f6glicht Erlangen von Administratorrechten",
"tracking": {
"current_release_date": "2026-06-16T22:00:00.000+00:00",
"generator": {
"date": "2026-06-17T08:45:13.573+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1530",
"initial_release_date": "2026-05-14T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von SUSE und Amazon aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von SUSE und Fedora aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von SUSE und Red Hat aufgenommen"
},
{
"date": "2026-05-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat und SUSE aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Oracle Linux, Debian, European Union Vulnerability Database, Rocky Enterprise Software Foundation und Red Hat aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Amazon, SUSE und Oracle Linux aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat, Debian und SUSE aufgenommen"
},
{
"date": "2026-06-01T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-02T22:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von SUSE und Ubuntu aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von SUSE, Red Hat und Oracle Linux aufgenommen"
},
{
"date": "2026-06-08T22:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von SUSE und openSUSE aufgenommen"
},
{
"date": "2026-06-09T22:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Oracle Linux, SUSE und Red Hat aufgenommen"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-06-11T22:00:00.000+00:00",
"number": "18",
"summary": "Neue Updates von Ubuntu aufgenommen"
},
{
"date": "2026-06-15T22:00:00.000+00:00",
"number": "19",
"summary": "Neue Updates von Oracle Linux aufgenommen"
},
{
"date": "2026-06-16T22:00:00.000+00:00",
"number": "20",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "20"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "T054615",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"category": "product_name",
"name": "Google Container-Optimized OS",
"product": {
"name": "Google Container-Optimized OS",
"product_id": "1607324",
"product_identification_helper": {
"cpe": "cpe:/o:google:container-optimized_os:-"
}
}
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c7.5.0 UP15 IF04",
"product": {
"name": "IBM QRadar SIEM \u003c7.5.0 UP15 IF04",
"product_id": "T055485"
}
},
{
"category": "product_version",
"name": "7.5.0 UP15 IF04",
"product": {
"name": "IBM QRadar SIEM 7.5.0 UP15 IF04",
"product_id": "T055485-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:7.5.0_up15_if04"
}
}
}
],
"category": "product_name",
"name": "QRadar SIEM"
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Nutanix Files",
"product": {
"name": "Nutanix Files",
"product_id": "T054405",
"product_identification_helper": {
"cpe": "cpe:/a:nutanix:files:-"
}
}
},
{
"category": "product_name",
"name": "Nutanix Kubernetes Engine",
"product": {
"name": "Nutanix Kubernetes Engine",
"product_id": "T054763",
"product_identification_helper": {
"cpe": "cpe:/a:nutanix:kubernetes_engine:-"
}
}
}
],
"category": "vendor",
"name": "Nutanix"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "T054119",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Oracle Linux",
"product": {
"name": "Oracle Linux",
"product_id": "T054637",
"product_identification_helper": {
"cpe": "cpe:/o:oracle:linux:-"
}
}
}
],
"category": "vendor",
"name": "Oracle"
},
{
"branches": [
{
"category": "product_name",
"name": "RESF Rocky Linux",
"product": {
"name": "RESF Rocky Linux",
"product_id": "T054555",
"product_identification_helper": {
"cpe": "cpe:/o:resf:rocky_linux:-"
}
}
}
],
"category": "vendor",
"name": "RESF"
},
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "Red Hat Enterprise Linux 9.2",
"product_id": "T054697",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:9.2"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "Container Platform \u003c4.18.43",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.18.43",
"product_id": "T054988"
}
},
{
"category": "product_version",
"name": "Container Platform 4.18.43",
"product": {
"name": "Red Hat OpenShift Container Platform 4.18.43",
"product_id": "T054988-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.18.43"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.13.67",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.13.67",
"product_id": "T054989"
}
},
{
"category": "product_version",
"name": "Container Platform 4.13.67",
"product": {
"name": "Red Hat OpenShift Container Platform 4.13.67",
"product_id": "T054989-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.13.67"
}
}
},
{
"category": "product_version_range",
"name": "Container Platform \u003c4.12.91",
"product": {
"name": "Red Hat OpenShift Container Platform \u003c4.12.91",
"product_id": "T054990"
}
},
{
"category": "product_version",
"name": "Container Platform 4.12.91",
"product": {
"name": "Red Hat OpenShift Container Platform 4.12.91",
"product_id": "T054990-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform__4.12.91"
}
}
},
{
"category": "product_version_range",
"name": "\u003c4.21.19",
"product": {
"name": "Red Hat OpenShift \u003c4.21.19",
"product_id": "T055270"
}
},
{
"category": "product_version",
"name": "4.21.19",
"product": {
"name": "Red Hat OpenShift 4.21.19",
"product_id": "T055270-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:4.21.19"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-46300",
"product_status": {
"known_affected": [
"T054990",
"T055485",
"67646",
"T054615",
"T054637",
"T054989",
"T054119",
"T054405",
"T054988",
"T054555",
"74185",
"T054697",
"T054763",
"T002207",
"T000126",
"T027843",
"T055270",
"398363",
"1607324"
]
},
"release_date": "2026-05-14T22:00:00.000+00:00",
"title": "CVE-2026-46300"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.