SUSE-SU-2026:1573-1

Vulnerability from csaf_suse - Published: 2026-04-23 15:52 - Updated: 2026-04-23 15:52
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073). - CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647). - CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865). - CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889). - CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561). - CVE-2026-23047: libceph: make calc_target() set t->paused, not just clear it (bsc#1257682). - CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773). - CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280). - CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303). - CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305). - CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330). - CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414). - CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337). - CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476). - CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447). - CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188). - CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795). - CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797). - CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891). - CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866). - CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886). - CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009). - CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005). - CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997). - CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998). - CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464). - CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500). - CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486). - CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562). - CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735). - CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732). - CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481). - CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471). - CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799). - CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730). - CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498). - CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496). - CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707). The following non-security bugs were fixed: - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes). - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes). - ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes). - ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes). - ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes). - ALSA: firewire-lib: fix uninitialized local variable (git-fixes). - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes). - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes). - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes). - ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes). - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes). - ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes). - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes). - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes). - ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes). - ASoC: Intel: catpt: Fix the device initialization (git-fixes). - ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes). - ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes). - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes). - ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes). - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes). - ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes). - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes). - ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes). - ASoC: detect empty DMI strings (git-fixes). - ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes). - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes). - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes). - ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes). - ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes). - Bluetooth: HIDP: Fix possible UAF (git-fixes). - Bluetooth: ISO: Fix defer tests being unstable (git-fixes). - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes). - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes). - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes). - Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes). - Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git-fixes). - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes). - Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes). - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes). - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes). - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (git-fixes). - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes). - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes). - Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (git-fixes). - Bluetooth: MGMT: validate LTK enc_size on load (git-fixes). - Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes). - Bluetooth: Remove 3 repeated macro definitions (stable-fixes). - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes). - Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes). - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes). - Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes). - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes). - Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes). - Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes). - Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes). - Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes). - Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes). - Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes). - Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes). - Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes). - Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes). - Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes). - Drivers: hv: remove stale comment (git-fixes). - Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes). - Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes). - Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes). - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes). - HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes). - HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes). - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes). - HID: mcp2221: cancel last I2C command on read error (stable-fixes). - Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes). - NFC: nxp-nci: allow GPIOs to sleep (git-fixes). - NFC: pn533: bound the UART receive buffer (git-fixes). - PCI: Update BAR # and window messages (stable-fixes). - PCI: hv: Correct a comment (git-fixes). - PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes). - PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes). - PCI: hv: remove unnecessary module_init/exit functions (git-fixes). - PM: runtime: Fix a race condition related to device removal (git-fixes). - RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135). - RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes). - RDMA/mana_ib: Add device statistics support (git-fixes). - RDMA/mana_ib: Add device-memory support (git-fixes). - RDMA/mana_ib: Add port statistics support (git-fixes). - RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes). - RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes). - RDMA/mana_ib: Adding and deleting GIDs (git-fixes). - RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes). - RDMA/mana_ib: Configure mac address in RNIC (git-fixes). - RDMA/mana_ib: Create and destroy RC QP (git-fixes). - RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes). - RDMA/mana_ib: Create and destroy rnic adapter (git-fixes). - RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes). - RDMA/mana_ib: Enable RoCE on port 1 (git-fixes). - RDMA/mana_ib: Extend modify QP (git-fixes). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: Fix error code in probe() (git-fixes). - RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135). - RDMA/mana_ib: Fix missing ret value (git-fixes). - RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690). - RDMA/mana_ib: Implement DMABUF MR support (git-fixes). - RDMA/mana_ib: Implement port parameters (git-fixes). - RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes). - RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes). - RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes). - RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes). - RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes). - RDMA/mana_ib: Modify QP state (git-fixes). - RDMA/mana_ib: Process QP error events in mana_ib (git-fixes). - RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes). - RDMA/mana_ib: Set correct device into ib (git-fixes). - RDMA/mana_ib: Take CQ type from the device type (git-fixes). - RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes). - RDMA/mana_ib: UD/GSI work requests (git-fixes). - RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes). - RDMA/mana_ib: Use safer allocation function() (bsc#1251135). - RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes). - RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes). - RDMA/mana_ib: add additional port counters (bsc#1251135). - RDMA/mana_ib: add support of multiple ports (bsc#1251135). - RDMA/mana_ib: check cqe length for kernel CQs (git-fixes). - RDMA/mana_ib: create EQs for RNIC CQs (git-fixes). - RDMA/mana_ib: create and destroy RNIC cqs (git-fixes). - RDMA/mana_ib: create kernel-level CQs (git-fixes). - RDMA/mana_ib: create/destroy AH (git-fixes). - RDMA/mana_ib: extend mana QP table (git-fixes). - RDMA/mana_ib: extend query device (git-fixes). - RDMA/mana_ib: helpers to allocate kernel queues (git-fixes). - RDMA/mana_ib: implement get_dma_mr (git-fixes). - RDMA/mana_ib: implement req_notify_cq (git-fixes). - RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes). - RDMA/mana_ib: indicate CM support (git-fixes). - RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes). - RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes). - RDMA/mana_ib: remove useless return values from dbg prints (git-fixes). - RDMA/mana_ib: request error CQEs when supported (git-fixes). - RDMA/mana_ib: set node_guid (git-fixes). - RDMA/mana_ib: support of the zero based MRs (bsc#1251135). - RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes). - Remove 'scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans)' changes (bsc#1257506). - Revert 'drm/i915/display: Add quirk to skip retraining of dp link' (bsc#1253129). - Revert 'drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug' (git-fixes). - USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes). - USB: core: Limit the length of unkillable synchronous timeouts (git-fixes). - USB: dummy-hcd: Fix interrupt synchronization error (git-fixes). - USB: dummy-hcd: Fix locking/synchronization error (git-fixes). - USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes). - USB: serial: f81232: fix incomplete serial port generation (stable-fixes). - USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes). - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes). - accel/qaic: Handle DBC deactivation if the owner went away (git-fixes). - bonding: do not set usable_slaves for broadcast mode (git-fixes). - btrfs: fix zero size inode with non-zero size after log replay (git-fixes). - btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes). - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777). - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes). - can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes). - cifs: Fix locking usage for tcon fields (git-fixes). - cifs: force interface update before a fresh session setup (git-fixes). - cifs: make default value of retrans as zero (git-fixes). - cifs: some missing initializations on replay (git-fixes). - comedi: Reinit dev->spinlock between attachments to low-level drivers (git-fixes). - comedi: me4000: Fix potential overrun of firmware buffer (git-fixes). - comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes). - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes). - cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803). - cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq (bsc#1252803). - crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes). - crypto: caam - fix DMA corruption on long hmac keys (git-fixes). - crypto: caam - fix overflow on long hmac keys (git-fixes). - dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes). - dmaengine: idxd: Fix leaking event log memory (git-fixes). - dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes). - dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes). - dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes). - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes). - dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes). - dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes). - dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes). - drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes). - drm/amd/display: Do not skip unrelated mode changes in DSC validation (git-fixes). - drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes). - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes). - drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (git-fixes). - drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (git-fixes). - drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (stable-fixes). - drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes). - drm/amd: fix dcn 2.01 check (git-fixes). - drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes). - drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes). - drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes). - drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes). - drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes). - drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes). - drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes). - drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes). - drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes). - drm/amdgpu: prevent immediate PASID reuse case (stable-fixes). - drm/amdkfd: Unreserve bo if queue update failed (git-fixes). - drm/ast: dp501: Fix initialization of SCU2C (git-fixes). - drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes). - drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes). - drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (stable-fixes). - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable-fixes). - drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (stable-fixes). - drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129). - drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (git-fixes). - drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (git-fixes). - drm/i915/dsc: Add Selective Update register definitions (stable-fixes). - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes). - drm/i915/dsi: Do not do DSC horizontal timing adjustments in command mode (git-fixes). - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes). - drm/i915/gt: Check set_default_submission() before deferencing (git-fixes). - drm/imagination: Fix deadlock in soft reset sequence (git-fixes). - drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes). - drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes). - drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes). - drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes). - drm/msm: Fix dma_free_attrs() buffer size (git-fixes). - drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes). - drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes). - drm/xe/oa: Allow reading after disabling OA stream (git-fixes). - drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes). - drm/xe: Do not preempt fence signaling CS instructions (git-fixes). - drm/xe: Open-code GGTT MMIO access protection (git-fixes). - drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (git-fixes). - firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes). - gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes). - hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes). - hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes). - hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes). - hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes). - hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes). - hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes). - hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes). - hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes). - hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes). - hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes). - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes). - hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes). - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes). - hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes). - i2c: cp2615: fix serial string NULL-deref at probe (git-fixes). - i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes). - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes). - i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes). - idpf: nullify pointers after they are freed (git-fixes). - iio: accel: fix ADXL355 temperature signature value (git-fixes). - iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes). - iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes). - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes). - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes). - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes). - iio: dac: ds4424: reject -128 RAW value (git-fixes). - iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes). - iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes). - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes). - iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes). - iio: gyro: mpu3050: Fix irq resource leak (git-fixes). - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes). - iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes). - iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes). - iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes). - iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes). - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes). - iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes). - iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes). - irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes). - mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (stable-fixes). - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes). - media: tegra-video: Use accessors for pad config 'try_*' fields (stable-fixes). - mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes). - mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes). - mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes). - mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes). - misc: fastrpc: possible double-free of cctx->remote_heap (git-fixes). - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes). - mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes). - mtd: Avoid boot crash in RedBoot partition table parser (git-fixes). - mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes). - mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes). - mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes). - mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes). - mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes). - mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes). - net/mana: Null service_wq on setup error to prevent double destroy (git-fix). - net/mana: Null service_wq on setup error to prevent double destroy (git-fixes). - net/mlx5: Fix crash when moving to switchdev mode (git-fixes). - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes). - net/x25: Fix overflow when accumulating packets (git-fixes). - net/x25: Fix potential double free of skb (git-fixes). - net: mana: Add metadata support for xdp mode (git-fixes). - net: mana: Add standard counter rx_missed_errors (git-fixes). - net: mana: Add support for auxiliary device servicing events (bsc#1251971). - net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690). - net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes). - net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes). - net: mana: Fix use-after-free in reset service rescan path (git-fixes). - net: mana: Fix warnings for missing export.h header inclusion (git-fixes). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971). - net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes). - net: mana: Handle hardware recovery events when probing the device (bsc#1257466). - net: mana: Handle unsupported HWC commands (git-fixes). - net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472). - net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes). - net: mana: Probe rdma device in mana driver (git-fixes). - net: mana: Reduce waiting time if HWC not responding (bsc#1252266). - net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes). - net: mana: Support HW link state events (bsc#1253049). - net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580). - net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mana: fix use-after-free in add_adev() error path (git-fixes). - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes). - net: mana: use ethtool string helpers (git-fixes). - net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes). - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes). - net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes). - net: usb: pegasus: validate USB endpoints (stable-fixes). - nfc: nci: fix circular locking dependency in nci_close_device (git-fixes). - nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208). - nvme: expose active quirks in sysfs (bsc#1243208). Refresh: - nvme: fix memory leak in quirks_param_set() (bsc#1243208). - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes). - pinctrl: equilibrium: fix warning trace on load (git-fixes). - pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes). - pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes). - pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes). - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes). - platform/x86: ISST: Correct locked bit width (git-fixes). - platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes). - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes). - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes). - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes). - regmap: Synchronize cache for the page selector (git-fixes). - regulator: pca9450: Correct interrupt type (git-fixes). - regulator: pca9450: Make IRQ optional (stable-fixes). - s390/debug: Pass in and enforce output buffer size for format handlers (jsc#PED-15582). - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687). - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes). - scsi: storvsc: Remove redundant ternary operators (git-fixes). - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes). - serial: 8250: Fix TX deadlock when using DMA (git-fixes). - serial: 8250_pci: add support for the AX99100 (stable-fixes). - serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes). - smb: client: add proper locking around ses->iface_last_update (git-fixes). - smb: client: fix broken multichannel with krb5+signing (git-fixes). - smb: client: fix cifs_pick_channel when channels are equally loaded (git-fixes). - smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes). - smb: client: fix krb5 mount with username option (git-fixes). - smb: client: prevent races in ->query_interfaces() (git-fixes). - soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes). - soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes). - spi: fix statistics allocation (git-fixes). - spi: fix use-after-free on controller registration failure (git-fixes). - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes). - staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes). - thunderbolt: Fix property read in nhi_wake_supported() (git-fixes). - tools/hv: add a .gitignore file (git-fixes). - tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes). - tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes). - tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes). - tools: hv: lsvmbus: change shebang to use python3 (git-fixes). - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes). - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes). - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes). - usb: cdns3: fix role switching during resume (git-fixes). - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes). - usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes). - usb: cdns3: remove redundant if branch (stable-fixes). - usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes). - usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes). - usb: core: new quirk to handle devices with zero configurations (stable-fixes). - usb: core: phy: avoid double use of 'usb3-phy' (git-fixes). - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes). - usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes). - usb: ehci-brcm: fix sleep during atomic (git-fixes). - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes). - usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes). - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes). - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes). - usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes). - usb: image: mdc800: kill download URB on timeout (stable-fixes). - usb: mdc800: handle signal and read racing (stable-fixes). - usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes). - usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes). - usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes). - usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes). - usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes). - usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes). - usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes). - usb: yurex: fix race in probe (stable-fixes). - vhost: fix caching attributes of MMIO regions by setting them explicitly (git-fixes). - vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes). - watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504). - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes). - wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes). - wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes). - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes). - wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes). - wifi: mac80211: set default WMM parameters on all links (stable-fixes). - wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes). - wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes). - x86/platform/uv: Handle deconfigured sockets (bsc#1260347). - xen/privcmd: unregister xenstore notifier on module exit (git-fixes). - xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).
Patchnames: SUSE-2026-1573,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1573,SUSE-SLE-Module-RT-15-SP7-2026-1573
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
CVE-2024-38542
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-39998
6.1 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-68794
6.3 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-71231
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-71268
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2025-71269
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23030
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23047
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23103
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23120
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23136
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23140
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23187
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23193
5.8 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23201
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23215
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23216
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23231
7 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23242
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23243
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23255
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23259
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23270
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23272
7 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23274
7 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23277
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23278
7 (High)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23281
6.3 (Medium)
CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23292
4.4 (Medium)
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23293
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23317
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23319
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23361
4.1 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23379
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23381
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23386
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23398
5.9 (Medium)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23413
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-23414
4.7 (Medium)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
CVE-2026-31788
Vendor Fix To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
https://www.suse.com/support/security/rating/ external
https://ftp.suse.com/pub/projects/security/csaf/s… self
https://www.suse.com/support/update/announcement/… self
https://lists.suse.com/pipermail/sle-updates/2026… self
https://bugzilla.suse.com/1226591 self
https://bugzilla.suse.com/1243208 self
https://bugzilla.suse.com/1245728 self
https://bugzilla.suse.com/1251135 self
https://bugzilla.suse.com/1251971 self
https://bugzilla.suse.com/1252073 self
https://bugzilla.suse.com/1252266 self
https://bugzilla.suse.com/1252803 self
https://bugzilla.suse.com/1253049 self
https://bugzilla.suse.com/1253129 self
https://bugzilla.suse.com/1255687 self
https://bugzilla.suse.com/1256504 self
https://bugzilla.suse.com/1256647 self
https://bugzilla.suse.com/1256690 self
https://bugzilla.suse.com/1257466 self
https://bugzilla.suse.com/1257472 self
https://bugzilla.suse.com/1257506 self
https://bugzilla.suse.com/1257561 self
https://bugzilla.suse.com/1257682 self
https://bugzilla.suse.com/1257773 self
https://bugzilla.suse.com/1257777 self
https://bugzilla.suse.com/1258280 self
https://bugzilla.suse.com/1258303 self
https://bugzilla.suse.com/1258305 self
https://bugzilla.suse.com/1258330 self
https://bugzilla.suse.com/1258337 self
https://bugzilla.suse.com/1258414 self
https://bugzilla.suse.com/1258424 self
https://bugzilla.suse.com/1258447 self
https://bugzilla.suse.com/1258476 self
https://bugzilla.suse.com/1259188 self
https://bugzilla.suse.com/1259580 self
https://bugzilla.suse.com/1259707 self
https://bugzilla.suse.com/1259795 self
https://bugzilla.suse.com/1259797 self
https://bugzilla.suse.com/1259865 self
https://bugzilla.suse.com/1259866 self
https://bugzilla.suse.com/1259886 self
https://bugzilla.suse.com/1259889 self
https://bugzilla.suse.com/1259891 self
https://bugzilla.suse.com/1259997 self
https://bugzilla.suse.com/1259998 self
https://bugzilla.suse.com/1260005 self
https://bugzilla.suse.com/1260009 self
https://bugzilla.suse.com/1260347 self
https://bugzilla.suse.com/1260464 self
https://bugzilla.suse.com/1260471 self
https://bugzilla.suse.com/1260481 self
https://bugzilla.suse.com/1260486 self
https://bugzilla.suse.com/1260500 self
https://bugzilla.suse.com/1260562 self
https://bugzilla.suse.com/1260730 self
https://bugzilla.suse.com/1260732 self
https://bugzilla.suse.com/1260735 self
https://bugzilla.suse.com/1260799 self
https://bugzilla.suse.com/1261496 self
https://bugzilla.suse.com/1261498 self
https://www.suse.com/security/cve/CVE-2024-38542/ self
https://www.suse.com/security/cve/CVE-2025-39998/ self
https://www.suse.com/security/cve/CVE-2025-68794/ self
https://www.suse.com/security/cve/CVE-2025-71231/ self
https://www.suse.com/security/cve/CVE-2025-71268/ self
https://www.suse.com/security/cve/CVE-2025-71269/ self
https://www.suse.com/security/cve/CVE-2026-23030/ self
https://www.suse.com/security/cve/CVE-2026-23047/ self
https://www.suse.com/security/cve/CVE-2026-23103/ self
https://www.suse.com/security/cve/CVE-2026-23120/ self
https://www.suse.com/security/cve/CVE-2026-23136/ self
https://www.suse.com/security/cve/CVE-2026-23140/ self
https://www.suse.com/security/cve/CVE-2026-23187/ self
https://www.suse.com/security/cve/CVE-2026-23193/ self
https://www.suse.com/security/cve/CVE-2026-23201/ self
https://www.suse.com/security/cve/CVE-2026-23215/ self
https://www.suse.com/security/cve/CVE-2026-23216/ self
https://www.suse.com/security/cve/CVE-2026-23231/ self
https://www.suse.com/security/cve/CVE-2026-23242/ self
https://www.suse.com/security/cve/CVE-2026-23243/ self
https://www.suse.com/security/cve/CVE-2026-23255/ self
https://www.suse.com/security/cve/CVE-2026-23259/ self
https://www.suse.com/security/cve/CVE-2026-23270/ self
https://www.suse.com/security/cve/CVE-2026-23272/ self
https://www.suse.com/security/cve/CVE-2026-23274/ self
https://www.suse.com/security/cve/CVE-2026-23277/ self
https://www.suse.com/security/cve/CVE-2026-23278/ self
https://www.suse.com/security/cve/CVE-2026-23281/ self
https://www.suse.com/security/cve/CVE-2026-23292/ self
https://www.suse.com/security/cve/CVE-2026-23293/ self
https://www.suse.com/security/cve/CVE-2026-23317/ self
https://www.suse.com/security/cve/CVE-2026-23319/ self
https://www.suse.com/security/cve/CVE-2026-23361/ self
https://www.suse.com/security/cve/CVE-2026-23379/ self
https://www.suse.com/security/cve/CVE-2026-23381/ self
https://www.suse.com/security/cve/CVE-2026-23386/ self
https://www.suse.com/security/cve/CVE-2026-23398/ self
https://www.suse.com/security/cve/CVE-2026-23413/ self
https://www.suse.com/security/cve/CVE-2026-23414/ self
https://www.suse.com/security/cve/CVE-2026-31788/ self
https://www.suse.com/security/cve/CVE-2024-38542 external
https://bugzilla.suse.com/1226591 external
https://www.suse.com/security/cve/CVE-2025-39998 external
https://bugzilla.suse.com/1252073 external
https://www.suse.com/security/cve/CVE-2025-68794 external
https://bugzilla.suse.com/1256647 external
https://www.suse.com/security/cve/CVE-2025-71231 external
https://bugzilla.suse.com/1258424 external
https://bugzilla.suse.com/1258425 external
https://www.suse.com/security/cve/CVE-2025-71268 external
https://bugzilla.suse.com/1259865 external
https://www.suse.com/security/cve/CVE-2025-71269 external
https://bugzilla.suse.com/1259889 external
https://www.suse.com/security/cve/CVE-2026-23030 external
https://bugzilla.suse.com/1257561 external
https://www.suse.com/security/cve/CVE-2026-23047 external
https://bugzilla.suse.com/1257682 external
https://www.suse.com/security/cve/CVE-2026-23103 external
https://bugzilla.suse.com/1257773 external
https://www.suse.com/security/cve/CVE-2026-23120 external
https://bugzilla.suse.com/1258280 external
https://www.suse.com/security/cve/CVE-2026-23136 external
https://bugzilla.suse.com/1258303 external
https://www.suse.com/security/cve/CVE-2026-23140 external
https://bugzilla.suse.com/1258305 external
https://www.suse.com/security/cve/CVE-2026-23187 external
https://bugzilla.suse.com/1258330 external
https://www.suse.com/security/cve/CVE-2026-23193 external
https://bugzilla.suse.com/1258414 external
https://www.suse.com/security/cve/CVE-2026-23201 external
https://bugzilla.suse.com/1258337 external
https://www.suse.com/security/cve/CVE-2026-23215 external
https://bugzilla.suse.com/1258476 external
https://www.suse.com/security/cve/CVE-2026-23216 external
https://bugzilla.suse.com/1258447 external
https://bugzilla.suse.com/1258448 external
https://www.suse.com/security/cve/CVE-2026-23231 external
https://bugzilla.suse.com/1259188 external
https://bugzilla.suse.com/1259189 external
https://www.suse.com/security/cve/CVE-2026-23242 external
https://bugzilla.suse.com/1259795 external
https://www.suse.com/security/cve/CVE-2026-23243 external
https://bugzilla.suse.com/1259797 external
https://bugzilla.suse.com/1259798 external
https://www.suse.com/security/cve/CVE-2026-23255 external
https://bugzilla.suse.com/1259891 external
https://www.suse.com/security/cve/CVE-2026-23259 external
https://bugzilla.suse.com/1259866 external
https://www.suse.com/security/cve/CVE-2026-23270 external
https://bugzilla.suse.com/1259886 external
https://www.suse.com/security/cve/CVE-2026-23272 external
https://bugzilla.suse.com/1260009 external
https://bugzilla.suse.com/1260909 external
https://www.suse.com/security/cve/CVE-2026-23274 external
https://bugzilla.suse.com/1260005 external
https://bugzilla.suse.com/1260908 external
https://www.suse.com/security/cve/CVE-2026-23277 external
https://bugzilla.suse.com/1259997 external
https://www.suse.com/security/cve/CVE-2026-23278 external
https://bugzilla.suse.com/1259998 external
https://bugzilla.suse.com/1260907 external
https://www.suse.com/security/cve/CVE-2026-23281 external
https://bugzilla.suse.com/1260464 external
https://bugzilla.suse.com/1260466 external
https://www.suse.com/security/cve/CVE-2026-23292 external
https://bugzilla.suse.com/1260500 external
https://www.suse.com/security/cve/CVE-2026-23293 external
https://bugzilla.suse.com/1260486 external
https://www.suse.com/security/cve/CVE-2026-23317 external
https://bugzilla.suse.com/1260562 external
https://bugzilla.suse.com/1260563 external
https://www.suse.com/security/cve/CVE-2026-23319 external
https://bugzilla.suse.com/1260735 external
https://www.suse.com/security/cve/CVE-2026-23361 external
https://bugzilla.suse.com/1260732 external
https://www.suse.com/security/cve/CVE-2026-23379 external
https://bugzilla.suse.com/1260481 external
https://www.suse.com/security/cve/CVE-2026-23381 external
https://bugzilla.suse.com/1260471 external
https://www.suse.com/security/cve/CVE-2026-23386 external
https://bugzilla.suse.com/1260799 external
https://www.suse.com/security/cve/CVE-2026-23398 external
https://bugzilla.suse.com/1260730 external
https://www.suse.com/security/cve/CVE-2026-23413 external
https://bugzilla.suse.com/1261498 external
https://www.suse.com/security/cve/CVE-2026-23414 external
https://bugzilla.suse.com/1261496 external
https://www.suse.com/security/cve/CVE-2026-31788 external
https://bugzilla.suse.com/1259707 external
To clipboard 

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "The SUSE Linux Enterprise 15 SP7 RT kernel was updated to receive various security bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).\n- CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).\n- CVE-2025-71268: btrfs: fix reservation leak in some error paths when inserting inline extent (bsc#1259865).\n- CVE-2025-71269: btrfs: do not free data reservation in fallback from inline due to -ENOSPC (bsc#1259889).\n- CVE-2026-23030: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() (bsc#1257561).\n- CVE-2026-23047: libceph: make calc_target() set t-\u003epaused, not just clear it (bsc#1257682).\n- CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).\n- CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).\n- CVE-2026-23136: libceph: reset sparse-read state in osd_fault() (bsc#1258303).\n- CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).\n- CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains (bsc#1258330).\n- CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).\n- CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).\n- CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).\n- CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).\n- CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).\n- CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).\n- CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).\n- CVE-2026-23259: io_uring/rw: free potentially allocated iovec on cache put failure (bsc#1259866).\n- CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).\n- CVE-2026-23272: netfilter: nf_tables: unconditionally bump set-\u003enelems before insertion (bsc#1260009).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).\n- CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).\n- CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).\n- CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).\n- CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).\n- CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260562).\n- CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).\n- CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).\n- CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).\n- CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).\n- CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).\n- CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).\n- CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).\n- CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).\n- CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).\n\nThe following non-security bugs were fixed:\n\n- ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (git-fixes).\n- ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (stable-fixes).\n- ACPI: PM: Save NVS memory on Lenovo G70-35 (stable-fixes).\n- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (git-fixes).\n- ALSA: caiaq: fix stack out-of-bounds read in init_card (git-fixes).\n- ALSA: firewire-lib: fix uninitialized local variable (git-fixes).\n- ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (stable-fixes).\n- ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (stable-fixes).\n- ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (stable-fixes).\n- ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (stable-fixes).\n- ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (git-fixes).\n- ALSA: pci: hda: use snd_kcontrol_chip() (stable-fixes).\n- ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (git-fixes).\n- ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (stable-fixes).\n- ASoC: Intel: boards: fix unmet dependency on PINCTRL (git-fixes).\n- ASoC: Intel: catpt: Fix the device initialization (git-fixes).\n- ASoC: SOF: ipc4-topology: Allow bytes controls without initial payload (git-fixes).\n- ASoC: adau1372: Fix clock leak on PLL lock failure (git-fixes).\n- ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (git-fixes).\n- ASoC: amd: acp-mach-common: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (git-fixes).\n- ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (stable-fixes).\n- ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (stable-fixes).\n- ASoC: cs42l43: Report insert for exotic peripherals (stable-fixes).\n- ASoC: detect empty DMI strings (git-fixes).\n- ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (git-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (stable-fixes).\n- ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (stable-fixes).\n- ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (git-fixes).\n- ASoC: soc-core: drop delayed_work_pending() check before flush (git-fixes).\n- ASoC: soc-core: flush delayed work before removing DAIs and widgets (git-fixes).\n- Bluetooth: HIDP: Fix possible UAF (git-fixes).\n- Bluetooth: ISO: Fix defer tests being unstable (git-fixes).\n- Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (git-fixes).\n- Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (git-fixes).\n- Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (git-fixes).\n- Bluetooth: L2CAP: Fix send LE flow credits in ACL link (git-fixes).\n- Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req (git-fixes).\n- Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (git-fixes).\n- Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (git-fixes).\n- Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (git-fixes).\n- Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if received packet\u0027s SDU exceeds IMTU (git-fixes).\n- Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (git-fixes).\n- Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (git-fixes).\n- Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (git-fixes).\n- Bluetooth: MGMT: validate LTK enc_size on load (git-fixes).\n- Bluetooth: MGMT: validate mesh send advertising payload length (git-fixes).\n- Bluetooth: Remove 3 repeated macro definitions (stable-fixes).\n- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (git-fixes).\n- Bluetooth: SCO: fix race conditions in sco_sock_connect() (git-fixes).\n- Bluetooth: SMP: derive legacy responder STK authentication from MITM state (git-fixes).\n- Bluetooth: SMP: force responder MITM requirements before building the pairing response (git-fixes).\n- Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (git-fixes).\n- Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (git-fixes).\n- Bluetooth: btusb: clamp SCO altsetting table indices (git-fixes).\n- Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (git-fixes).\n- Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (git-fixes).\n- Bluetooth: hci_ll: Fix firmware leak on error path (git-fixes).\n- Bluetooth: hci_sync: Fix hci_le_create_conn_sync (git-fixes).\n- Bluetooth: hci_sync: Remove remaining dependencies of hci_request (stable-fixes).\n- Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (git-fixes).\n- Bluetooth: qca: fix ROM version reading on WCN3998 chips (git-fixes).\n- Drivers: hv: fix missing kernel-doc description for \u0027size\u0027 in request_arr_init() (git-fixes).\n- Drivers: hv: remove stale comment (git-fixes).\n- Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).\n- Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).\n- Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).\n- HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (stable-fixes).\n- HID: apple: avoid memory leak in apple_report_fixup() (stable-fixes).\n- HID: asus: avoid memory leak in asus_report_fixup() (stable-fixes).\n- HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (stable-fixes).\n- HID: mcp2221: cancel last I2C command on read error (stable-fixes).\n- Input: synaptics-rmi4 - fix a locking bug in an error path (git-fixes).\n- NFC: nxp-nci: allow GPIOs to sleep (git-fixes).\n- NFC: pn533: bound the UART receive buffer (git-fixes).\n- PCI: Update BAR # and window messages (stable-fixes).\n- PCI: hv: Correct a comment (git-fixes).\n- PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).\n- PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).\n- PCI: hv: remove unnecessary module_init/exit functions (git-fixes).\n- PM: runtime: Fix a race condition related to device removal (git-fixes).\n- RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).\n- RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).\n- RDMA/mana_ib: Add device statistics support (git-fixes).\n- RDMA/mana_ib: Add device-memory support (git-fixes).\n- RDMA/mana_ib: Add port statistics support (git-fixes).\n- RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).\n- RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).\n- RDMA/mana_ib: Adding and deleting GIDs (git-fixes).\n- RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).\n- RDMA/mana_ib: Configure mac address in RNIC (git-fixes).\n- RDMA/mana_ib: Create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).\n- RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).\n- RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).\n- RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).\n- RDMA/mana_ib: Extend modify QP (git-fixes).\n- RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).\n- RDMA/mana_ib: Fix error code in probe() (git-fixes).\n- RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).\n- RDMA/mana_ib: Fix missing ret value (git-fixes).\n- RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).\n- RDMA/mana_ib: Implement DMABUF MR support (git-fixes).\n- RDMA/mana_ib: Implement port parameters (git-fixes).\n- RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).\n- RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).\n- RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).\n- RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).\n- RDMA/mana_ib: Modify QP state (git-fixes).\n- RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).\n- RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).\n- RDMA/mana_ib: Set correct device into ib (git-fixes).\n- RDMA/mana_ib: Take CQ type from the device type (git-fixes).\n- RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).\n- RDMA/mana_ib: UD/GSI work requests (git-fixes).\n- RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).\n- RDMA/mana_ib: Use safer allocation function() (bsc#1251135).\n- RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).\n- RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).\n- RDMA/mana_ib: add additional port counters (bsc#1251135).\n- RDMA/mana_ib: add support of multiple ports (bsc#1251135).\n- RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).\n- RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).\n- RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).\n- RDMA/mana_ib: create kernel-level CQs (git-fixes).\n- RDMA/mana_ib: create/destroy AH (git-fixes).\n- RDMA/mana_ib: extend mana QP table (git-fixes).\n- RDMA/mana_ib: extend query device (git-fixes).\n- RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).\n- RDMA/mana_ib: implement get_dma_mr (git-fixes).\n- RDMA/mana_ib: implement req_notify_cq (git-fixes).\n- RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).\n- RDMA/mana_ib: indicate CM support (git-fixes).\n- RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).\n- RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).\n- RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).\n- RDMA/mana_ib: request error CQEs when supported (git-fixes).\n- RDMA/mana_ib: set node_guid (git-fixes).\n- RDMA/mana_ib: support of the zero based MRs (bsc#1251135).\n- RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).\n- Remove \u0027scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans)\u0027 changes (bsc#1257506).\n- Revert \u0027drm/i915/display: Add quirk to skip retraining of dp link\u0027 (bsc#1253129).\n- Revert \u0027drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug\u0027 (git-fixes).\n- USB: add QUIRK_NO_BOS for video capture several devices (stable-fixes).\n- USB: core: Limit the length of unkillable synchronous timeouts (git-fixes).\n- USB: dummy-hcd: Fix interrupt synchronization error (git-fixes).\n- USB: dummy-hcd: Fix locking/synchronization error (git-fixes).\n- USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (stable-fixes).\n- USB: serial: f81232: fix incomplete serial port generation (stable-fixes).\n- USB: usbcore: Introduce usb_bulk_msg_killable() (git-fixes).\n- USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (git-fixes).\n- accel/qaic: Handle DBC deactivation if the owner went away (git-fixes).\n- bonding: do not set usable_slaves for broadcast mode (git-fixes).\n- btrfs: fix zero size inode with non-zero size after log replay (git-fixes).\n- btrfs: log new dentries when logging parent dir of a conflicting inode (git-fixes).\n- btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).\n- can: gw: fix OOB heap access in cgw_csum_crc8_rel() (git-fixes).\n- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (git-fixes).\n- cifs: Fix locking usage for tcon fields (git-fixes).\n- cifs: force interface update before a fresh session setup (git-fixes).\n- cifs: make default value of retrans as zero (git-fixes).\n- cifs: some missing initializations on replay (git-fixes).\n- comedi: Reinit dev-\u003espinlock between attachments to low-level drivers (git-fixes).\n- comedi: me4000: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: me_daq: Fix potential overrun of firmware buffer (git-fixes).\n- comedi: ni_atmio16d: Fix invalid clean-up after failed attach (git-fixes).\n- cpufreq/amd-pstate: Remove the redundant verify() function (bsc#1252803).\n- cpufreq/amd-pstate: Set the initial min_freq to lowest_nonlinear_freq (bsc#1252803).\n- crypto: af-alg - fix NULL pointer dereference in scatterwalk (git-fixes).\n- crypto: caam - fix DMA corruption on long hmac keys (git-fixes).\n- crypto: caam - fix overflow on long hmac keys (git-fixes).\n- dmaengine: idxd: Fix freeing the allocated ida too late (git-fixes).\n- dmaengine: idxd: Fix leaking event log memory (git-fixes).\n- dmaengine: idxd: Fix memory leak when a wq is reset (git-fixes).\n- dmaengine: idxd: Fix not releasing workqueue on .release() (git-fixes).\n- dmaengine: idxd: Remove usage of the deprecated ida_simple_xx() API (stable-fixes).\n- dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (git-fixes).\n- dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).\n- dmaengine: sh: rz-dmac: Protect the driver specific lists (git-fixes).\n- dmaengine: xilinx: xdma: Fix regmap init error handling (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix dma_device directions (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (git-fixes).\n- dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (git-fixes).\n- drm/amd/display: Add pixel_clock to amd_pp_display_configuration (stable-fixes).\n- drm/amd/display: Do not skip unrelated mode changes in DSC validation (git-fixes).\n- drm/amd/display: Fallback to boot snapshot for dispclk (stable-fixes).\n- drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (git-fixes).\n- drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (git-fixes).\n- drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (git-fixes).\n- drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (stable-fixes).\n- drm/amd: Set num IP blocks to 0 if discovery fails (stable-fixes).\n- drm/amd: fix dcn 2.01 check (git-fixes).\n- drm/amdgpu/gmc9.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub2.3: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.1: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0.2: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub3.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/mmhub4.1.0: add bounds checking for cid (stable-fixes).\n- drm/amdgpu/vcn5: Add SMU dpm interface type (stable-fixes).\n- drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (git-fixes).\n- drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (git-fixes).\n- drm/amdgpu: Fix kernel-doc comments for some LUT properties (git-fixes).\n- drm/amdgpu: Fix use-after-free race in VM acquire (stable-fixes).\n- drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (stable-fixes).\n- drm/amdgpu: keep vga memory on MacBooks with switchable graphics (stable-fixes).\n- drm/amdgpu: prevent immediate PASID reuse case (stable-fixes).\n- drm/amdkfd: Unreserve bo if queue update failed (git-fixes).\n- drm/ast: dp501: Fix initialization of SCU2C (git-fixes).\n- drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (git-fixes).\n- drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (stable-fixes).\n- drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (stable-fixes).\n- drm/exynos: vidi: fix to avoid directly dereferencing user pointer (stable-fixes).\n- drm/exynos: vidi: use ctx-\u003elock to protect struct vidi_context member variables related to memory alloc/free\n  (stable-fixes).\n- drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).\n- drm/i915/dp: Use crtc_state-\u003eenhanced_framing properly on ivb/hsw CPU eDP (git-fixes).\n- drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (git-fixes).\n- drm/i915/dsc: Add Selective Update register definitions (stable-fixes).\n- drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).\n- drm/i915/dsi: Do not do DSC horizontal timing adjustments in command mode (git-fixes).\n- drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (git-fixes).\n- drm/i915/gt: Check set_default_submission() before deferencing (git-fixes).\n- drm/imagination: Fix deadlock in soft reset sequence (git-fixes).\n- drm/ioc32: stop speculation on the drm_compat_ioctl path (git-fixes).\n- drm/msm/dsi: Document DSC related pclk_rate and hdisplay calculations (stable-fixes).\n- drm/msm/dsi: fix hdisplay calculation when programming dsi registers (git-fixes).\n- drm/msm/dsi: fix pclk rate calculation for bonded dsi (git-fixes).\n- drm/msm: Fix dma_free_attrs() buffer size (git-fixes).\n- drm/radeon: apply state adjust rules to some additional HAINAN vairants (stable-fixes).\n- drm/ttm/tests: Fix build failure on PREEMPT_RT (stable-fixes).\n- drm/xe/oa: Allow reading after disabling OA stream (git-fixes).\n- drm/xe/reg_sr: Fix leak on xa_store failure (git-fixes).\n- drm/xe: Do not preempt fence signaling CS instructions (git-fixes).\n- drm/xe: Open-code GGTT MMIO access protection (git-fixes).\n- drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (git-fixes).\n- firmware: arm_scpi: Fix device_node reference leak in probe path (git-fixes).\n- gpio: mxc: map Both Edge pad wakeup to Rising Edge (git-fixes).\n- hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).\n- hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).\n- hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (git-fixes).\n- hwmon: (axi-fan-control) Make use of dev_err_probe() (stable-fixes).\n- hwmon: (axi-fan-control) Use device firmware agnostic API (stable-fixes).\n- hwmon: (occ) Fix division by zero in occ_show_power_1() (git-fixes).\n- hwmon: (occ) Fix missing newline in occ_show_extended() (git-fixes).\n- hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (git-fixes).\n- hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (git-fixes).\n- hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (git-fixes).\n- hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (git-fixes).\n- hwmon: (pxe1610) Check return value of page-select write in probe (git-fixes).\n- hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (git-fixes).\n- hwmon: axi-fan: do not use driver_override as IRQ name (git-fixes).\n- i2c: cp2615: fix serial string NULL-deref at probe (git-fixes).\n- i2c: cp2615: replace deprecated strncpy with strscpy (stable-fixes).\n- i2c: fsi: Fix a potential leak in fsi_i2c_probe() (git-fixes).\n- i2c: pxa: defer reset on Armada 3700 when recovery is used (git-fixes).\n- idpf: nullify pointers after they are freed (git-fixes).\n- iio: accel: fix ADXL355 temperature signature value (git-fixes).\n- iio: adc: ti-adc161s626: fix buffer read on big-endian (git-fixes).\n- iio: chemical: bme680: Fix measurement wait duration calculation (git-fixes).\n- iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (git-fixes).\n- iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (git-fixes).\n- iio: dac: ad5770r: fix error return in ad5770r_read_raw() (git-fixes).\n- iio: dac: ds4424: reject -128 RAW value (git-fixes).\n- iio: frequency: adf4377: Fix duplicated soft reset mask (git-fixes).\n- iio: gyro: mpu3050-core: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050-i2c: fix pm_runtime error handling (git-fixes).\n- iio: gyro: mpu3050: Fix incorrect free_irq() variable (git-fixes).\n- iio: gyro: mpu3050: Fix irq resource leak (git-fixes).\n- iio: gyro: mpu3050: Fix out-of-sequence free_irq() (git-fixes).\n- iio: gyro: mpu3050: Move iio_device_register() to correct location (git-fixes).\n- iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (git-fixes).\n- iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (git-fixes).\n- iio: imu: inv_icm42600: fix odr switch to the same value (git-fixes).\n- iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (git-fixes).\n- iio: light: vcnl4035: fix scan buffer on big-endian (git-fixes).\n- iio: potentiometer: mcp4131: fix double application of wiper shift (git-fixes).\n- irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (git-fixes).\n- mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (stable-fixes).\n- media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (git-fixes).\n- media: tegra-video: Use accessors for pad config \u0027try_*\u0027 fields (stable-fixes).\n- mfd: omap-usb-host: Convert to platform remove callback returning void (stable-fixes).\n- mfd: omap-usb-host: Fix OF populate on driver rebind (git-fixes).\n- mfd: qcom-pm8xxx: Convert to platform remove callback returning void (stable-fixes).\n- mfd: qcom-pm8xxx: Fix OF populate on driver rebind (git-fixes).\n- misc: fastrpc: possible double-free of cctx-\u003eremote_heap (git-fixes).\n- mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (git-fixes).\n- mmc: sdhci: fix timing selection for 1-bit bus width (git-fixes).\n- mtd: Avoid boot crash in RedBoot partition table parser (git-fixes).\n- mtd: rawnand: brcmnand: skip DMA during panic write (git-fixes).\n- mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (git-fixes).\n- mtd: rawnand: pl353: make sure optimal timings are applied (git-fixes).\n- mtd: rawnand: serialize lock/unlock against other NAND operations (git-fixes).\n- mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (stable-fixes).\n- mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (stable-fixes).\n- net/mana: Null service_wq on setup error to prevent double destroy (git-fix).\n- net/mana: Null service_wq on setup error to prevent double destroy (git-fixes).\n- net/mlx5: Fix crash when moving to switchdev mode (git-fixes).\n- net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (git-fixes).\n- net/x25: Fix overflow when accumulating packets (git-fixes).\n- net/x25: Fix potential double free of skb (git-fixes).\n- net: mana: Add metadata support for xdp mode (git-fixes).\n- net: mana: Add standard counter rx_missed_errors (git-fixes).\n- net: mana: Add support for auxiliary device servicing events (bsc#1251971).\n- net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).\n- net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).\n- net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).\n- net: mana: Fix use-after-free in reset service rescan path (git-fixes).\n- net: mana: Fix warnings for missing export.h header inclusion (git-fixes).\n- net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).\n- net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).\n- net: mana: Handle hardware recovery events when probing the device (bsc#1257466).\n- net: mana: Handle unsupported HWC commands (git-fixes).\n- net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).\n- net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).\n- net: mana: Probe rdma device in mana driver (git-fixes).\n- net: mana: Reduce waiting time if HWC not responding (bsc#1252266).\n- net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).\n- net: mana: Support HW link state events (bsc#1253049).\n- net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).\n- net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).\n- net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).\n- net: mana: fix use-after-free in add_adev() error path (git-fixes).\n- net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (git-fixes).\n- net: mana: use ethtool string helpers (git-fixes).\n- net: usb: aqc111: Do not perform PM inside suspend callback (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (git-fixes).\n- net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (git-fixes).\n- net: usb: pegasus: validate USB endpoints (stable-fixes).\n- nfc: nci: fix circular locking dependency in nci_close_device (git-fixes).\n- nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).\n- nvme: expose active quirks in sysfs (bsc#1243208). Refresh:\n- nvme: fix memory leak in quirks_param_set() (bsc#1243208).\n- phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (git-fixes).\n- pinctrl: equilibrium: fix warning trace on load (git-fixes).\n- pinctrl: equilibrium: rename irq_chip function callbacks (stable-fixes).\n- pinctrl: mediatek: common: Fix probe failure for devices without EINT (git-fixes).\n- pinctrl: qcom: spmi-gpio: implement .get_direction() (git-fixes).\n- platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (git-fixes).\n- platform/x86: ISST: Correct locked bit width (git-fixes).\n- platform/x86: dell-wmi: Add audio/mic mute key codes (stable-fixes).\n- platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (stable-fixes).\n- platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (stable-fixes).\n- platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (stable-fixes).\n- regmap: Synchronize cache for the page selector (git-fixes).\n- regulator: pca9450: Correct interrupt type (git-fixes).\n- regulator: pca9450: Make IRQ optional (stable-fixes).\n- s390/debug: Pass in and enforce output buffer size for format handlers (jsc#PED-15582).\n- scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).\n- scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).\n- scsi: storvsc: Remove redundant ternary operators (git-fixes).\n- serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (git-fixes).\n- serial: 8250: Fix TX deadlock when using DMA (git-fixes).\n- serial: 8250_pci: add support for the AX99100 (stable-fixes).\n- serial: uartlite: fix PM runtime usage count underflow on probe (git-fixes).\n- smb: client: add proper locking around ses-\u003eiface_last_update (git-fixes).\n- smb: client: fix broken multichannel with krb5+signing (git-fixes).\n- smb: client: fix cifs_pick_channel when channels are equally loaded (git-fixes).\n- smb: client: fix in-place encryption corruption in SMB2_write() (git-fixes).\n- smb: client: fix krb5 mount with username option (git-fixes).\n- smb: client: prevent races in -\u003equery_interfaces() (git-fixes).\n- soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (git-fixes).\n- soc: fsl: qbman: fix race condition in qman_destroy_fq (git-fixes).\n- spi: fix statistics allocation (git-fixes).\n- spi: fix use-after-free on controller registration failure (git-fixes).\n- spi: spi-fsl-lpspi: fix teardown order issue (UAF) (git-fixes).\n- staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (stable-fixes).\n- thunderbolt: Fix property read in nhi_wake_supported() (git-fixes).\n- tools/hv: add a .gitignore file (git-fixes).\n- tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).\n- tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).\n- tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).\n- tools: hv: lsvmbus: change shebang to use python3 (git-fixes).\n- usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (stable-fixes).\n- usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (git-fixes).\n- usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (stable-fixes).\n- usb: cdns3: fix role switching during resume (git-fixes).\n- usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (git-fixes).\n- usb: cdns3: gadget: fix state inconsistency on gadget init failure (git-fixes).\n- usb: cdns3: remove redundant if branch (stable-fixes).\n- usb: class: cdc-wdm: fix reordering issue in read code path (git-fixes).\n- usb: core: do not power off roothub PHYs if phy_set_mode() fails (git-fixes).\n- usb: core: new quirk to handle devices with zero configurations (stable-fixes).\n- usb: core: phy: avoid double use of \u0027usb3-phy\u0027 (git-fixes).\n- usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (git-fixes).\n- usb: dwc3: pci: add support for the Intel Nova Lake -H (stable-fixes).\n- usb: ehci-brcm: fix sleep during atomic (git-fixes).\n- usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (git-fixes).\n- usb: gadget: f_rndis: Protect RNDIS options with mutex (git-fixes).\n- usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (git-fixes).\n- usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (git-fixes).\n- usb: gadget: uvc: fix NULL pointer dereference during unbind race (git-fixes).\n- usb: image: mdc800: kill download URB on timeout (stable-fixes).\n- usb: mdc800: handle signal and read racing (stable-fixes).\n- usb: misc: uss720: properly clean up reference in uss720_probe() (stable-fixes).\n- usb: renesas_usbhs: fix use-after-free in ISR during device removal (git-fixes).\n- usb: roles: get usb role switch from parent only for usb-b-connector (git-fixes).\n- usb: ulpi: fix double free in ulpi_register_interface() error path (git-fixes).\n- usb: usbtmc: Flush anchored URBs in usbtmc_release (git-fixes).\n- usb: xhci: Fix memory leak in xhci_disable_slot() (git-fixes).\n- usb: xhci: Prevent interrupt storm on host controller error (HCE) (stable-fixes).\n- usb: yurex: fix race in probe (stable-fixes).\n- vhost: fix caching attributes of MMIO regions by setting them explicitly (git-fixes).\n- vmw_vsock: bypass false-positive Wnonnull warning with gcc-16 (git-fixes).\n- watchdog/perf: properly initialize the turbo mode timestamp and rearm counter (bsc#1256504).\n- wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (git-fixes).\n- wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (git-fixes).\n- wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (git-fixes).\n- wifi: mac80211: Fix static_branch_dec() underflow for aql_disable (git-fixes).\n- wifi: mac80211: fix NULL deref in mesh_matches_local() (git-fixes).\n- wifi: mac80211: set default WMM parameters on all links (stable-fixes).\n- wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (git-fixes).\n- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (git-fixes).\n- x86/platform/uv: Handle deconfigured sockets (bsc#1260347).\n- xen/privcmd: unregister xenstore notifier on module exit (git-fixes).\n- xenbus: Use .freeze/.thaw to handle xenbus devices (git-fixes).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2026-1573,SUSE-SLE-Module-Live-Patching-15-SP7-2026-1573,SUSE-SLE-Module-RT-15-SP7-2026-1573",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1573-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:1573-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261573-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:1573-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-April/045912.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1226591",
        "url": "https://bugzilla.suse.com/1226591"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1243208",
        "url": "https://bugzilla.suse.com/1243208"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1245728",
        "url": "https://bugzilla.suse.com/1245728"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251135",
        "url": "https://bugzilla.suse.com/1251135"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1251971",
        "url": "https://bugzilla.suse.com/1251971"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252073",
        "url": "https://bugzilla.suse.com/1252073"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252266",
        "url": "https://bugzilla.suse.com/1252266"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1252803",
        "url": "https://bugzilla.suse.com/1252803"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253049",
        "url": "https://bugzilla.suse.com/1253049"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253129",
        "url": "https://bugzilla.suse.com/1253129"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1255687",
        "url": "https://bugzilla.suse.com/1255687"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256504",
        "url": "https://bugzilla.suse.com/1256504"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256647",
        "url": "https://bugzilla.suse.com/1256647"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1256690",
        "url": "https://bugzilla.suse.com/1256690"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257466",
        "url": "https://bugzilla.suse.com/1257466"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257472",
        "url": "https://bugzilla.suse.com/1257472"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257506",
        "url": "https://bugzilla.suse.com/1257506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257561",
        "url": "https://bugzilla.suse.com/1257561"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257682",
        "url": "https://bugzilla.suse.com/1257682"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257773",
        "url": "https://bugzilla.suse.com/1257773"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1257777",
        "url": "https://bugzilla.suse.com/1257777"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258280",
        "url": "https://bugzilla.suse.com/1258280"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258303",
        "url": "https://bugzilla.suse.com/1258303"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258305",
        "url": "https://bugzilla.suse.com/1258305"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258330",
        "url": "https://bugzilla.suse.com/1258330"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258337",
        "url": "https://bugzilla.suse.com/1258337"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258414",
        "url": "https://bugzilla.suse.com/1258414"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258424",
        "url": "https://bugzilla.suse.com/1258424"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258447",
        "url": "https://bugzilla.suse.com/1258447"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1258476",
        "url": "https://bugzilla.suse.com/1258476"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259188",
        "url": "https://bugzilla.suse.com/1259188"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259580",
        "url": "https://bugzilla.suse.com/1259580"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259707",
        "url": "https://bugzilla.suse.com/1259707"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259795",
        "url": "https://bugzilla.suse.com/1259795"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259797",
        "url": "https://bugzilla.suse.com/1259797"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259865",
        "url": "https://bugzilla.suse.com/1259865"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259866",
        "url": "https://bugzilla.suse.com/1259866"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259886",
        "url": "https://bugzilla.suse.com/1259886"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259889",
        "url": "https://bugzilla.suse.com/1259889"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259891",
        "url": "https://bugzilla.suse.com/1259891"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259997",
        "url": "https://bugzilla.suse.com/1259997"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1259998",
        "url": "https://bugzilla.suse.com/1259998"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260005",
        "url": "https://bugzilla.suse.com/1260005"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260009",
        "url": "https://bugzilla.suse.com/1260009"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260347",
        "url": "https://bugzilla.suse.com/1260347"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260464",
        "url": "https://bugzilla.suse.com/1260464"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260471",
        "url": "https://bugzilla.suse.com/1260471"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260481",
        "url": "https://bugzilla.suse.com/1260481"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260486",
        "url": "https://bugzilla.suse.com/1260486"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260500",
        "url": "https://bugzilla.suse.com/1260500"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260562",
        "url": "https://bugzilla.suse.com/1260562"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260730",
        "url": "https://bugzilla.suse.com/1260730"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260732",
        "url": "https://bugzilla.suse.com/1260732"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260735",
        "url": "https://bugzilla.suse.com/1260735"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1260799",
        "url": "https://bugzilla.suse.com/1260799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261496",
        "url": "https://bugzilla.suse.com/1261496"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1261498",
        "url": "https://bugzilla.suse.com/1261498"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2024-38542 page",
        "url": "https://www.suse.com/security/cve/CVE-2024-38542/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-39998 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-39998/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-68794 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-68794/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-71231 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-71231/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-71268 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-71268/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-71269 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-71269/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23030 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23030/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23047 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23047/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23103 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23103/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23120 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23120/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23136 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23136/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23140 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23140/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23187 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23187/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23193 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23193/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23201 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23201/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23215 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23215/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23216 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23216/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23231 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23231/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23242 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23242/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23243 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23243/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23255 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23255/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23259 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23259/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23270 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23270/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23272 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23272/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23274 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23274/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23277 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23277/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23278 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23278/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23281 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23281/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23292 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23292/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23293 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23293/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23317 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23317/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23319 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23319/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23361 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23361/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23379 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23379/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23381 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23381/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23386 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23386/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23398 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23398/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23413 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23413/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-23414 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-23414/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2026-31788 page",
        "url": "https://www.suse.com/security/cve/CVE-2026-31788/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2026-04-23T15:52:40Z",
      "generator": {
        "date": "2026-04-23T15:52:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:1573-1",
      "initial_release_date": "2026-04-23T15:52:40Z",
      "revision_history": [
        {
          "date": "2026-04-23T15:52:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
                "product": {
                  "name": "kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
                  "product_id": "kernel-devel-rt-6.4.0-150700.7.37.2.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-6.4.0-150700.7.37.2.noarch",
                "product": {
                  "name": "kernel-source-rt-6.4.0-150700.7.37.2.noarch",
                  "product_id": "kernel-source-rt-6.4.0-150700.7.37.2.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
                  "product_id": "kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-devel-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-extra-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-extra-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-extra-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-livepatch-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-livepatch-devel-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-livepatch-devel-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-livepatch-devel-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-optional-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-optional-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-optional-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-vdso-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kernel-rt-vdso-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kernel-rt-vdso-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
                  "product_id": "kernel-syms-rt-6.4.0-150700.7.37.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kselftests-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "kselftests-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "kselftests-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "reiserfs-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                "product": {
                  "name": "reiserfs-kmp-rt-6.4.0-150700.7.37.2.x86_64",
                  "product_id": "reiserfs-kmp-rt-6.4.0-150700.7.37.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp7"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Real Time Module 15 SP7",
                "product": {
                  "name": "SUSE Real Time Module 15 SP7",
                  "product_id": "SUSE Real Time Module 15 SP7",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-rt:15:sp7"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP7",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64"
        },
        "product_reference": "kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-6.4.0-150700.7.37.2.noarch as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch"
        },
        "product_reference": "kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "kernel-rt-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-6.4.0-150700.7.37.2.noarch as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch"
        },
        "product_reference": "kernel-source-rt-6.4.0-150700.7.37.2.noarch",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-6.4.0-150700.7.37.1.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64 as component of SUSE Real Time Module 15 SP7",
          "product_id": "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        },
        "product_reference": "ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
        "relates_to_product_reference": "SUSE Real Time Module 15 SP7"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-38542",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2024-38542"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mana_ib: boundary check before installing cq callbacks\n\nAdd a boundary check inside mana_ib_install_cq_cb to prevent index overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2024-38542",
          "url": "https://www.suse.com/security/cve/CVE-2024-38542"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1226591 for CVE-2024-38542",
          "url": "https://bugzilla.suse.com/1226591"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2024-38542"
    },
    {
      "cve": "CVE-2025-39998",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-39998"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: target_core_configfs: Add length check to avoid buffer overflow\n\nA buffer overflow arises from the usage of snprintf to write into the\nbuffer \"buf\" in target_lu_gp_members_show function located in\n/drivers/target/target_core_configfs.c. This buffer is allocated with\nsize LU_GROUP_NAME_BUF (256 bytes).\n\nsnprintf(...) formats multiple strings into buf with the HBA name\n(hba-\u003ehba_group.cg_item), a slash character, a devicename (dev-\u003e\ndev_group.cg_item) and a newline character, the total formatted string\nlength may exceed the buffer size of 256 bytes.\n\nSince snprintf() returns the total number of bytes that would have been\nwritten (the length of %s/%sn ), this value may exceed the buffer length\n(256 bytes) passed to memcpy(), this will ultimately cause function\nmemcpy reporting a buffer overflow error.\n\nAn additional check of the return value of snprintf() can avoid this\nbuffer overflow.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-39998",
          "url": "https://www.suse.com/security/cve/CVE-2025-39998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1252073 for CVE-2025-39998",
          "url": "https://bugzilla.suse.com/1252073"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-39998"
    },
    {
      "cve": "CVE-2025-68794",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-68794"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: adjust read range correctly for non-block-aligned positions\n\niomap_adjust_read_range() assumes that the position and length passed in\nare block-aligned. This is not always the case however, as shown in the\nsyzbot generated case for erofs. This causes too many bytes to be\nskipped for uptodate blocks, which results in returning the incorrect\nposition and length to read in. If all the blocks are uptodate, this\nunderflows length and returns a position beyond the folio.\n\nFix the calculation to also take into account the block offset when\ncalculating how many bytes can be skipped for uptodate blocks.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-68794",
          "url": "https://www.suse.com/security/cve/CVE-2025-68794"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1256647 for CVE-2025-68794",
          "url": "https://bugzilla.suse.com/1256647"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-68794"
    },
    {
      "cve": "CVE-2025-71231",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-71231"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode\n\nThe local variable \u0027i\u0027 is initialized with -EINVAL, but the for loop\nimmediately overwrites it and -EINVAL is never returned.\n\nIf no empty compression mode can be found, the function would return the\nout-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid\narray access in add_iaa_compression_mode().\n\nFix both issues by returning either a valid index or -EINVAL.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-71231",
          "url": "https://www.suse.com/security/cve/CVE-2025-71231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258424 for CVE-2025-71231",
          "url": "https://bugzilla.suse.com/1258424"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258425 for CVE-2025-71231",
          "url": "https://bugzilla.suse.com/1258425"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-71231"
    },
    {
      "cve": "CVE-2025-71268",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-71268"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix reservation leak in some error paths when inserting inline extent\n\nIf we fail to allocate a path or join a transaction, we return from\n__cow_file_range_inline() without freeing the reserved qgroup data,\nresulting in a leak. Fix this by ensuring we call btrfs_qgroup_free_data()\nin such cases.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-71268",
          "url": "https://www.suse.com/security/cve/CVE-2025-71268"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259865 for CVE-2025-71268",
          "url": "https://bugzilla.suse.com/1259865"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-71268"
    },
    {
      "cve": "CVE-2025-71269",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-71269"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: do not free data reservation in fallback from inline due to -ENOSPC\n\nIf we fail to create an inline extent due to -ENOSPC, we will attempt to\ngo through the normal COW path, reserve an extent, create an ordered\nextent, etc. However we were always freeing the reserved qgroup data,\nwhich is wrong since we will use data. Fix this by freeing the reserved\nqgroup data in __cow_file_range_inline() only if we are not doing the\nfallback (ret is \u003c= 0).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-71269",
          "url": "https://www.suse.com/security/cve/CVE-2025-71269"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259889 for CVE-2025-71269",
          "url": "https://bugzilla.suse.com/1259889"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-71269"
    },
    {
      "cve": "CVE-2026-23030",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23030"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe()\n\nThe for_each_available_child_of_node() calls of_node_put() to\nrelease child_np in each success loop. After breaking from the\nloop with the child_np has been released, the code will jump to\nthe put_child label and will call the of_node_put() again if the\ndevm_request_threaded_irq() fails. These cause a double free bug.\n\nFix by returning directly to avoid the duplicate of_node_put().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23030",
          "url": "https://www.suse.com/security/cve/CVE-2026-23030"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257561 for CVE-2026-23030",
          "url": "https://bugzilla.suse.com/1257561"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23030"
    },
    {
      "cve": "CVE-2026-23047",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23047"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: make calc_target() set t-\u003epaused, not just clear it\n\nCurrently calc_target() clears t-\u003epaused if the request shouldn\u0027t be\npaused anymore, but doesn\u0027t ever set t-\u003epaused even though it\u0027s able to\ndetermine when the request should be paused.  Setting t-\u003epaused is left\nto __submit_request() which is fine for regular requests but doesn\u0027t\nwork for linger requests -- since __submit_request() doesn\u0027t operate\non linger requests, there is nowhere for lreq-\u003et.paused to be set.\nOne consequence of this is that watches don\u0027t get reestablished on\npaused -\u003e unpaused transitions in cases where requests have been paused\nlong enough for the (paused) unwatch request to time out and for the\nsubsequent (re)watch request to enter the paused state.  On top of the\nwatch not getting reestablished, rbd_reregister_watch() gets stuck with\nrbd_dev-\u003ewatch_mutex held:\n\n  rbd_register_watch\n    __rbd_register_watch\n      ceph_osdc_watch\n        linger_reg_commit_wait\n\nIt\u0027s waiting for lreq-\u003ereg_commit_wait to be completed, but for that to\nhappen the respective request needs to end up on need_resend_linger list\nand be kicked when requests are unpaused.  There is no chance for that\nif the request in question is never marked paused in the first place.\n\nThe fact that rbd_dev-\u003ewatch_mutex remains taken out forever then\nprevents the image from getting unmapped -- \"rbd unmap\" would inevitably\nhang in D state on an attempt to grab the mutex.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23047",
          "url": "https://www.suse.com/security/cve/CVE-2026-23047"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257682 for CVE-2026-23047",
          "url": "https://bugzilla.suse.com/1257682"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23047"
    },
    {
      "cve": "CVE-2026-23103",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23103"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipvlan: Make the addrs_lock be per port\n\nMake the addrs_lock be per port, not per ipvlan dev.\n\nInitial code seems to be written in the assumption,\nthat any address change must occur under RTNL.\nBut it is not so for the case of IPv6. So\n\n1) Introduce per-port addrs_lock.\n\n2) It was needed to fix places where it was forgotten\nto take lock (ipvlan_open/ipvlan_close)\n\nThis appears to be a very minor problem though.\nSince it\u0027s highly unlikely that ipvlan_add_addr() will\nbe called on 2 CPU simultaneously. But nevertheless,\nthis could cause:\n\n1) False-negative of ipvlan_addr_busy(): one interface\niterated through all port-\u003eipvlans + ipvlan-\u003eaddrs\nunder some ipvlan spinlock, and another added IP\nunder its own lock. Though this is only possible\nfor IPv6, since looks like only ipvlan_addr6_event() can be\ncalled without rtnl_lock.\n\n2) Race since ipvlan_ht_addr_add(port) is called under\ndifferent ipvlan-\u003eaddrs_lock locks\n\nThis should not affect performance, since add/remove IP\nis a rare situation and spinlock is not taken on fast\npaths.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23103",
          "url": "https://www.suse.com/security/cve/CVE-2026-23103"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1257773 for CVE-2026-23103",
          "url": "https://bugzilla.suse.com/1257773"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23103"
    },
    {
      "cve": "CVE-2026-23120",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23120"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nl2tp: avoid one data-race in l2tp_tunnel_del_work()\n\nWe should read sk-\u003esk_socket only when dealing with kernel sockets.\n\nsyzbot reported the following data-race:\n\nBUG: KCSAN: data-race in l2tp_tunnel_del_work / sk_common_release\n\nwrite to 0xffff88811c182b20 of 8 bytes by task 5365 on cpu 0:\n  sk_set_socket include/net/sock.h:2092 [inline]\n  sock_orphan include/net/sock.h:2118 [inline]\n  sk_common_release+0xae/0x230 net/core/sock.c:4003\n  udp_lib_close+0x15/0x20 include/net/udp.h:325\n  inet_release+0xce/0xf0 net/ipv4/af_inet.c:437\n  __sock_release net/socket.c:662 [inline]\n  sock_close+0x6b/0x150 net/socket.c:1455\n  __fput+0x29b/0x650 fs/file_table.c:468\n  ____fput+0x1c/0x30 fs/file_table.c:496\n  task_work_run+0x131/0x1a0 kernel/task_work.c:233\n  resume_user_mode_work include/linux/resume_user_mode.h:50 [inline]\n  __exit_to_user_mode_loop kernel/entry/common.c:44 [inline]\n  exit_to_user_mode_loop+0x1fe/0x740 kernel/entry/common.c:75\n  __exit_to_user_mode_prepare include/linux/irq-entry-common.h:226 [inline]\n  syscall_exit_to_user_mode_prepare include/linux/irq-entry-common.h:256 [inline]\n  syscall_exit_to_user_mode_work include/linux/entry-common.h:159 [inline]\n  syscall_exit_to_user_mode include/linux/entry-common.h:194 [inline]\n  do_syscall_64+0x1e1/0x2b0 arch/x86/entry/syscall_64.c:100\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nread to 0xffff88811c182b20 of 8 bytes by task 827 on cpu 1:\n  l2tp_tunnel_del_work+0x2f/0x1a0 net/l2tp/l2tp_core.c:1418\n  process_one_work kernel/workqueue.c:3257 [inline]\n  process_scheduled_works+0x4ce/0x9d0 kernel/workqueue.c:3340\n  worker_thread+0x582/0x770 kernel/workqueue.c:3421\n  kthread+0x489/0x510 kernel/kthread.c:463\n  ret_from_fork+0x149/0x290 arch/x86/kernel/process.c:158\n  ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:246\n\nvalue changed: 0xffff88811b818000 -\u003e 0x0000000000000000",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23120",
          "url": "https://www.suse.com/security/cve/CVE-2026-23120"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258280 for CVE-2026-23120",
          "url": "https://bugzilla.suse.com/1258280"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23120"
    },
    {
      "cve": "CVE-2026-23136",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23136"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlibceph: reset sparse-read state in osd_fault()\n\nWhen a fault occurs, the connection is abandoned, reestablished, and any\npending operations are retried. The OSD client tracks the progress of a\nsparse-read reply using a separate state machine, largely independent of\nthe messenger\u0027s state.\n\nIf a connection is lost mid-payload or the sparse-read state machine\nreturns an error, the sparse-read state is not reset. The OSD client\nwill then interpret the beginning of a new reply as the continuation of\nthe old one. If this makes the sparse-read machinery enter a failure\nstate, it may never recover, producing loops like:\n\n  libceph:  [0] got 0 extents\n  libceph: data len 142248331 != extent len 0\n  libceph: osd0 (1)...:6801 socket error on read\n  libceph: data len 142248331 != extent len 0\n  libceph: osd0 (1)...:6801 socket error on read\n\nTherefore, reset the sparse-read state in osd_fault(), ensuring retries\nstart from a clean state.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23136",
          "url": "https://www.suse.com/security/cve/CVE-2026-23136"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258303 for CVE-2026-23136",
          "url": "https://bugzilla.suse.com/1258303"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23136"
    },
    {
      "cve": "CVE-2026-23140",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23140"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf, test_run: Subtract size of xdp_frame from allowed metadata size\n\nThe xdp_frame structure takes up part of the XDP frame headroom,\nlimiting the size of the metadata. However, in bpf_test_run, we don\u0027t\ntake this into account, which makes it possible for userspace to supply\na metadata size that is too large (taking up the entire headroom).\n\nIf userspace supplies such a large metadata size in live packet mode,\nthe xdp_update_frame_from_buff() call in xdp_test_run_init_page() call\nwill fail, after which packet transmission proceeds with an\nuninitialised frame structure, leading to the usual Bad Stuff.\n\nThe commit in the Fixes tag fixed a related bug where the second check\nin xdp_update_frame_from_buff() could fail, but did not add any\nadditional constraints on the metadata size. Complete the fix by adding\nan additional check on the metadata size. Reorder the checks slightly to\nmake the logic clearer and add a comment.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23140",
          "url": "https://www.suse.com/security/cve/CVE-2026-23140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258305 for CVE-2026-23140",
          "url": "https://bugzilla.suse.com/1258305"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23140"
    },
    {
      "cve": "CVE-2026-23187",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23187"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\npmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-\u003edomains\n\nFix out-of-range access of bc-\u003edomains in imx8m_blk_ctrl_remove().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23187",
          "url": "https://www.suse.com/security/cve/CVE-2026-23187"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258330 for CVE-2026-23187",
          "url": "https://bugzilla.suse.com/1258330"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23187"
    },
    {
      "cve": "CVE-2026-23193",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23193"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count()\n\nIn iscsit_dec_session_usage_count(), the function calls complete() while\nholding the sess-\u003esession_usage_lock. Similar to the connection usage count\nlogic, the waiter signaled by complete() (e.g., in the session release\npath) may wake up and free the iscsit_session structure immediately.\n\nThis creates a race condition where the current thread may attempt to\nexecute spin_unlock_bh() on a session structure that has already been\ndeallocated, resulting in a KASAN slab-use-after-free.\n\nTo resolve this, release the session_usage_lock before calling complete()\nto ensure all dereferences of the sess pointer are finished before the\nwaiter is allowed to proceed with deallocation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23193",
          "url": "https://www.suse.com/security/cve/CVE-2026-23193"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258414 for CVE-2026-23193",
          "url": "https://bugzilla.suse.com/1258414"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23193"
    },
    {
      "cve": "CVE-2026-23201",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23201"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nceph: fix oops due to invalid pointer for kfree() in parse_longname()\n\nThis fixes a kernel oops when reading ceph snapshot directories (.snap),\nfor example by simply running `ls /mnt/my_ceph/.snap`.\n\nThe variable str is guarded by __free(kfree), but advanced by one for\nskipping the initial \u0027_\u0027 in snapshot names. Thus, kfree() is called\nwith an invalid pointer.  This patch removes the need for advancing the\npointer so kfree() is called with correct memory pointer.\n\nSteps to reproduce:\n\n1. Create snapshots on a cephfs volume (I\u0027ve 63 snaps in my testcase)\n\n2. Add cephfs mount to fstab\n$ echo \"samba-fileserver@.files=/volumes/datapool/stuff/3461082b-ecc9-4e82-8549-3fd2590d3fb6      /mnt/test/stuff   ceph     acl,noatime,_netdev    0       0\" \u003e\u003e /etc/fstab\n\n3. Reboot the system\n$ systemctl reboot\n\n4. Check if it\u0027s really mounted\n$ mount | grep stuff\n\n5. List snapshots (expected 63 snapshots on my system)\n$ ls /mnt/test/stuff/.snap\n\nNow ls hangs forever and the kernel log shows the oops.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23201",
          "url": "https://www.suse.com/security/cve/CVE-2026-23201"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258337 for CVE-2026-23201",
          "url": "https://bugzilla.suse.com/1258337"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23201"
    },
    {
      "cve": "CVE-2026-23215",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23215"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmware: Fix hypercall clobbers\n\nFedora QA reported the following panic:\n\n  BUG: unable to handle page fault for address: 0000000040003e54\n  #PF: supervisor write access in kernel mode\n  #PF: error_code(0x0002) - not-present page\n  Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS edk2-20251119-3.fc43 11/19/2025\n  RIP: 0010:vmware_hypercall4.constprop.0+0x52/0x90\n  ..\n  Call Trace:\n   vmmouse_report_events+0x13e/0x1b0\n   psmouse_handle_byte+0x15/0x60\n   ps2_interrupt+0x8a/0xd0\n   ...\n\nbecause the QEMU VMware mouse emulation is buggy, and clears the top 32\nbits of %rdi that the kernel kept a pointer in.\n\nThe QEMU vmmouse driver saves and restores the register state in a\n\"uint32_t data[6];\" and as a result restores the state with the high\nbits all cleared.\n\nRDI originally contained the value of a valid kernel stack address\n(0xff5eeb3240003e54).  After the vmware hypercall it now contains\n0x40003e54, and we get a page fault as a result when it is dereferenced.\n\nThe proper fix would be in QEMU, but this works around the issue in the\nkernel to keep old setups working, when old kernels had not happened to\nkeep any state in %rdi over the hypercall.\n\nIn theory this same issue exists for all the hypercalls in the vmmouse\ndriver; in practice it has only been seen with vmware_hypercall3() and\nvmware_hypercall4().  For now, just mark RDI/RSI as clobbered for those\ntwo calls.  This should have a minimal effect on code generation overall\nas it should be rare for the compiler to want to make RDI/RSI live\nacross hypercalls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23215",
          "url": "https://www.suse.com/security/cve/CVE-2026-23215"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258476 for CVE-2026-23215",
          "url": "https://bugzilla.suse.com/1258476"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23215"
    },
    {
      "cve": "CVE-2026-23216",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23216"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()\n\nIn iscsit_dec_conn_usage_count(), the function calls complete() while\nholding the conn-\u003econn_usage_lock. As soon as complete() is invoked, the\nwaiter (such as iscsit_close_connection()) may wake up and proceed to free\nthe iscsit_conn structure.\n\nIf the waiter frees the memory before the current thread reaches\nspin_unlock_bh(), it results in a KASAN slab-use-after-free as the function\nattempts to release a lock within the already-freed connection structure.\n\nFix this by releasing the spinlock before calling complete().",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23216",
          "url": "https://www.suse.com/security/cve/CVE-2026-23216"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258447 for CVE-2026-23216",
          "url": "https://bugzilla.suse.com/1258447"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1258448 for CVE-2026-23216",
          "url": "https://bugzilla.suse.com/1258448"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23216"
    },
    {
      "cve": "CVE-2026-23231",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23231"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nf_tables_addchain()\n\nnf_tables_addchain() publishes the chain to table-\u003echains via\nlist_add_tail_rcu() (in nft_chain_add()) before registering hooks.\nIf nf_tables_register_hook() then fails, the error path calls\nnft_chain_del() (list_del_rcu()) followed by nf_tables_chain_destroy()\nwith no RCU grace period in between.\n\nThis creates two use-after-free conditions:\n\n 1) Control-plane: nf_tables_dump_chains() traverses table-\u003echains\n    under rcu_read_lock(). A concurrent dump can still be walking\n    the chain when the error path frees it.\n\n 2) Packet path: for NFPROTO_INET, nf_register_net_hook() briefly\n    installs the IPv4 hook before IPv6 registration fails.  Packets\n    entering nft_do_chain() via the transient IPv4 hook can still be\n    dereferencing chain-\u003eblob_gen_X when the error path frees the\n    chain.\n\nAdd synchronize_rcu() between nft_chain_del() and the chain destroy\nso that all RCU readers -- both dump threads and in-flight packet\nevaluation -- have finished before the chain is freed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23231",
          "url": "https://www.suse.com/security/cve/CVE-2026-23231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259188 for CVE-2026-23231",
          "url": "https://bugzilla.suse.com/1259188"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259189 for CVE-2026-23231",
          "url": "https://bugzilla.suse.com/1259189"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23231"
    },
    {
      "cve": "CVE-2026-23242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/siw: Fix potential NULL pointer dereference in header processing\n\nIf siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(),\nqp-\u003erx_fpdu can be NULL. The error path in siw_tcp_rx_data()\ndereferences qp-\u003erx_fpdu-\u003emore_ddp_segs without checking, which\nmay lead to a NULL pointer deref. Only check more_ddp_segs when\nrx_fpdu is present.\n\nKASAN splat:\n[  101.384271] KASAN: null-ptr-deref in range [0x00000000000000c0-0x00000000000000c7]\n[  101.385869] RIP: 0010:siw_tcp_rx_data+0x13ad/0x1e50",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23242",
          "url": "https://www.suse.com/security/cve/CVE-2026-23242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259795 for CVE-2026-23242",
          "url": "https://bugzilla.suse.com/1259795"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23242"
    },
    {
      "cve": "CVE-2026-23243",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23243"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[  211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[  211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[  211.365867] ib_create_send_mad+0xa01/0x11b0\n[  211.365887] ib_umad_write+0x853/0x1c80",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23243",
          "url": "https://www.suse.com/security/cve/CVE-2026-23243"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259797 for CVE-2026-23243",
          "url": "https://bugzilla.suse.com/1259797"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259798 for CVE-2026-23243",
          "url": "https://bugzilla.suse.com/1259798"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23243"
    },
    {
      "cve": "CVE-2026-23255",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23255"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: add proper RCU protection to /proc/net/ptype\n\nYin Fengwei reported an RCU stall in ptype_seq_show() and provided\na patch.\n\nReal issue is that ptype_seq_next() and ptype_seq_show() violate\nRCU rules.\n\nptype_seq_show() runs under rcu_read_lock(), and reads pt-\u003edev\nto get device name without any barrier.\n\nAt the same time, concurrent writers can remove a packet_type structure\n(which is correctly freed after an RCU grace period) and clear pt-\u003edev\nwithout an RCU grace period.\n\nDefine ptype_iter_state to carry a dev pointer along seq_net_private:\n\nstruct ptype_iter_state {\n\tstruct seq_net_private\tp;\n\tstruct net_device\t*dev; // added in this patch\n};\n\nWe need to record the device pointer in ptype_get_idx() and\nptype_seq_next() so that ptype_seq_show() is safe against\nconcurrent pt-\u003edev changes.\n\nWe also need to add full RCU protection in ptype_seq_next().\n(Missing READ_ONCE() when reading list.next values)\n\nMany thanks to Dong Chenchen for providing a repro.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23255",
          "url": "https://www.suse.com/security/cve/CVE-2026-23255"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259891 for CVE-2026-23255",
          "url": "https://bugzilla.suse.com/1259891"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23255"
    },
    {
      "cve": "CVE-2026-23259",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23259"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nio_uring/rw: free potentially allocated iovec on cache put failure\n\nIf a read/write request goes through io_req_rw_cleanup() and has an\nallocated iovec attached and fails to put to the rw_cache, then it may\nend up with an unaccounted iovec pointer. Have io_rw_recycle() return\nwhether it recycled the request or not, and use that to gauge whether to\nfree a potential iovec or not.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23259",
          "url": "https://www.suse.com/security/cve/CVE-2026-23259"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259866 for CVE-2026-23259",
          "url": "https://bugzilla.suse.com/1259866"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23259"
    },
    {
      "cve": "CVE-2026-23270",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23270"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks\n\nAs Paolo said earlier [1]:\n\n\"Since the blamed commit below, classify can return TC_ACT_CONSUMED while\nthe current skb being held by the defragmentation engine. As reported by\nGangMin Kim, if such packet is that may cause a UaF when the defrag engine\nlater on tries to tuch again such packet.\"\n\nact_ct was never meant to be used in the egress path, however some users\nare attaching it to egress today [2]. Attempting to reach a middle\nground, we noticed that, while most qdiscs are not handling\nTC_ACT_CONSUMED, clsact/ingress qdiscs are. With that in mind, we\naddress the issue by only allowing act_ct to bind to clsact/ingress\nqdiscs and shared blocks. That way it\u0027s still possible to attach act_ct to\negress (albeit only with clsact).\n\n[1] https://lore.kernel.org/netdev/674b8cbfc385c6f37fb29a1de08d8fe5c2b0fbee.1771321118.git.pabeni@redhat.com/\n[2] https://lore.kernel.org/netdev/cc6bfb4a-4a2b-42d8-b9ce-7ef6644fb22b@ovn.org/",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23270",
          "url": "https://www.suse.com/security/cve/CVE-2026-23270"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259886 for CVE-2026-23270",
          "url": "https://bugzilla.suse.com/1259886"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23270"
    },
    {
      "cve": "CVE-2026-23272",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23272"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: unconditionally bump set-\u003enelems before insertion\n\nIn case that the set is full, a new element gets published then removed\nwithout waiting for the RCU grace period, while RCU reader can be\nwalking over it already.\n\nTo address this issue, add the element transaction even if set is full,\nbut toggle the set_full flag to report -ENFILE so the abort path safely\nunwinds the set to its previous state.\n\nAs for element updates, decrement set-\u003enelems to restore it.\n\nA simpler fix is to call synchronize_rcu() in the error path.\nHowever, with a large batch adding elements to already maxed-out set,\nthis could cause noticeable slowdown of such batches.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23272",
          "url": "https://www.suse.com/security/cve/CVE-2026-23272"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260009 for CVE-2026-23272",
          "url": "https://bugzilla.suse.com/1260009"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260909 for CVE-2026-23272",
          "url": "https://bugzilla.suse.com/1260909"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23272"
    },
    {
      "cve": "CVE-2026-23274",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23274"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23274",
          "url": "https://www.suse.com/security/cve/CVE-2026-23274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260005 for CVE-2026-23274",
          "url": "https://bugzilla.suse.com/1260005"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260908 for CVE-2026-23274",
          "url": "https://bugzilla.suse.com/1260908"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23274"
    },
    {
      "cve": "CVE-2026-23277",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23277"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit\n\nteql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit\nthrough slave devices, but does not update skb-\u003edev to the slave device\nbeforehand.\n\nWhen a gretap tunnel is a TEQL slave, the transmit path reaches\niptunnel_xmit() which saves dev = skb-\u003edev (still pointing to teql0\nmaster) and later calls iptunnel_xmit_stats(dev, pkt_len). This\nfunction does:\n\n    get_cpu_ptr(dev-\u003etstats)\n\nSince teql_master_setup() does not set dev-\u003epcpu_stat_type to\nNETDEV_PCPU_STAT_TSTATS, the core network stack never allocates tstats\nfor teql0, so dev-\u003etstats is NULL. get_cpu_ptr(NULL) computes\nNULL + __per_cpu_offset[cpu], resulting in a page fault.\n\n BUG: unable to handle page fault for address: ffff8880e6659018\n #PF: supervisor write access in kernel mode\n #PF: error_code(0x0002) - not-present page\n PGD 68bc067 P4D 68bc067 PUD 0\n Oops: Oops: 0002 [#1] SMP KASAN PTI\n RIP: 0010:iptunnel_xmit (./include/net/ip_tunnels.h:664 net/ipv4/ip_tunnel_core.c:89)\n Call Trace:\n  \u003cTASK\u003e\n  ip_tunnel_xmit (net/ipv4/ip_tunnel.c:847)\n  __gre_xmit (net/ipv4/ip_gre.c:478)\n  gre_tap_xmit (net/ipv4/ip_gre.c:779)\n  teql_master_xmit (net/sched/sch_teql.c:319)\n  dev_hard_start_xmit (net/core/dev.c:3887)\n  sch_direct_xmit (net/sched/sch_generic.c:347)\n  __dev_queue_xmit (net/core/dev.c:4802)\n  neigh_direct_output (net/core/neighbour.c:1660)\n  ip_finish_output2 (net/ipv4/ip_output.c:237)\n  __ip_finish_output.part.0 (net/ipv4/ip_output.c:315)\n  ip_mc_output (net/ipv4/ip_output.c:369)\n  ip_send_skb (net/ipv4/ip_output.c:1508)\n  udp_send_skb (net/ipv4/udp.c:1195)\n  udp_sendmsg (net/ipv4/udp.c:1485)\n  inet_sendmsg (net/ipv4/af_inet.c:859)\n  __sys_sendto (net/socket.c:2206)\n\nFix this by setting skb-\u003edev = slave before calling\nnetdev_start_xmit(), so that tunnel xmit functions see the correct\nslave device with properly allocated tstats.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23277",
          "url": "https://www.suse.com/security/cve/CVE-2026-23277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259997 for CVE-2026-23277",
          "url": "https://bugzilla.suse.com/1259997"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23277"
    },
    {
      "cve": "CVE-2026-23278",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23278"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: always walk all pending catchall elements\n\nDuring transaction processing we might have more than one catchall element:\n1 live catchall element and 1 pending element that is coming as part of the\nnew batch.\n\nIf the map holding the catchall elements is also going away, its\nrequired to toggle all catchall elements and not just the first viable\ncandidate.\n\nOtherwise, we get:\n WARNING: ./include/net/netfilter/nf_tables.h:1281 at nft_data_release+0xb7/0xe0 [nf_tables], CPU#2: nft/1404\n RIP: 0010:nft_data_release+0xb7/0xe0 [nf_tables]\n [..]\n __nft_set_elem_destroy+0x106/0x380 [nf_tables]\n nf_tables_abort_release+0x348/0x8d0 [nf_tables]\n nf_tables_abort+0xcf2/0x3ac0 [nf_tables]\n nfnetlink_rcv_batch+0x9c9/0x20e0 [..]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23278",
          "url": "https://www.suse.com/security/cve/CVE-2026-23278"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259998 for CVE-2026-23278",
          "url": "https://bugzilla.suse.com/1259998"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260907 for CVE-2026-23278",
          "url": "https://bugzilla.suse.com/1260907"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23278"
    },
    {
      "cve": "CVE-2026-23281",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23281"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: libertas: fix use-after-free in lbs_free_adapter()\n\nThe lbs_free_adapter() function uses timer_delete() (non-synchronous)\nfor both command_timer and tx_lockup_timer before the structure is\nfreed. This is incorrect because timer_delete() does not wait for\nany running timer callback to complete.\n\nIf a timer callback is executing when lbs_free_adapter() is called,\nthe callback will access freed memory since lbs_cfg_free() frees the\ncontaining structure immediately after lbs_free_adapter() returns.\n\nBoth timer callbacks (lbs_cmd_timeout_handler and lbs_tx_lockup_handler)\naccess priv-\u003edriver_lock, priv-\u003ecur_cmd, priv-\u003edev, and other fields,\nwhich would all be use-after-free violations.\n\nUse timer_delete_sync() instead to ensure any running timer callback\nhas completed before returning.\n\nThis bug was introduced in commit 8f641d93c38a (\"libertas: detect TX\nlockups and reset hardware\") where del_timer() was used instead of\ndel_timer_sync() in the cleanup path. The command_timer has had the\nsame issue since the driver was first written.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23281",
          "url": "https://www.suse.com/security/cve/CVE-2026-23281"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260464 for CVE-2026-23281",
          "url": "https://bugzilla.suse.com/1260464"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260466 for CVE-2026-23281",
          "url": "https://bugzilla.suse.com/1260466"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23281"
    },
    {
      "cve": "CVE-2026-23292",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23292"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: target: Fix recursive locking in __configfs_open_file()\n\nIn flush_write_buffer, \u0026p-\u003efrag_sem is acquired and then the loaded store\nfunction is called, which, here, is target_core_item_dbroot_store().  This\nfunction called filp_open(), following which these functions were called\n(in reverse order), according to the call trace:\n\n  down_read\n  __configfs_open_file\n  do_dentry_open\n  vfs_open\n  do_open\n  path_openat\n  do_filp_open\n  file_open_name\n  filp_open\n  target_core_item_dbroot_store\n  flush_write_buffer\n  configfs_write_iter\n\ntarget_core_item_dbroot_store() tries to validate the new file path by\ntrying to open the file path provided to it; however, in this case, the bug\nreport shows:\n\ndb_root: not a directory: /sys/kernel/config/target/dbroot\n\nindicating that the same configfs file was tried to be opened, on which it\nis currently working on. Thus, it is trying to acquire frag_sem semaphore\nof the same file of which it already holds the semaphore obtained in\nflush_write_buffer(), leading to acquiring the semaphore in a nested manner\nand a possibility of recursive locking.\n\nFix this by modifying target_core_item_dbroot_store() to use kern_path()\ninstead of filp_open() to avoid opening the file using filesystem-specific\nfunction __configfs_open_file(), and further modifying it to make this fix\ncompatible.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23292",
          "url": "https://www.suse.com/security/cve/CVE-2026-23292"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260500 for CVE-2026-23292",
          "url": "https://bugzilla.suse.com/1260500"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23292"
    },
    {
      "cve": "CVE-2026-23293",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23293"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. If an IPv6 packet is injected into the interface,\nroute_shortcircuit() is called and a NULL pointer dereference happens on\nneigh_lookup().\n\n BUG: kernel NULL pointer dereference, address: 0000000000000380\n Oops: Oops: 0000 [#1] SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x20/0x270\n [...]\n Call Trace:\n  \u003cTASK\u003e\n  vxlan_xmit+0x638/0x1ef0 [vxlan]\n  dev_hard_start_xmit+0x9e/0x2e0\n  __dev_queue_xmit+0xbee/0x14e0\n  packet_sendmsg+0x116f/0x1930\n  __sys_sendto+0x1f5/0x200\n  __x64_sys_sendto+0x24/0x30\n  do_syscall_64+0x12f/0x1590\n  entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nFix this by adding an early check on route_shortcircuit() when protocol\nis ETH_P_IPV6. Note that ipv6_mod_enabled() cannot be used here because\nVXLAN can be built-in even when IPv6 is built as a module.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23293",
          "url": "https://www.suse.com/security/cve/CVE-2026-23293"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260486 for CVE-2026-23293",
          "url": "https://bugzilla.suse.com/1260486"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23293"
    },
    {
      "cve": "CVE-2026-23317",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23317"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23317",
          "url": "https://www.suse.com/security/cve/CVE-2026-23317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260562 for CVE-2026-23317",
          "url": "https://bugzilla.suse.com/1260562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260563 for CVE-2026-23317",
          "url": "https://bugzilla.suse.com/1260563"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-23317"
    },
    {
      "cve": "CVE-2026-23319",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23319"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim\n\nThe root cause of this bug is that when \u0027bpf_link_put\u0027 reduces the\nrefcount of \u0027shim_link-\u003elink.link\u0027 to zero, the resource is considered\nreleased but may still be referenced via \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027cgroup_shim_find\u0027. The actual cleanup of \u0027tr-\u003eprogs_hlist\u0027 in\n\u0027bpf_shim_tramp_link_release\u0027 is deferred. During this window, another\nprocess can cause a use-after-free via \u0027bpf_trampoline_link_cgroup_shim\u0027.\n\nBased on Martin KaFai Lau\u0027s suggestions, I have created a simple patch.\n\nTo fix this:\n   Add an atomic non-zero check in \u0027bpf_trampoline_link_cgroup_shim\u0027.\n   Only increment the refcount if it is not already zero.\n\nTesting:\n   I verified the fix by adding a delay in\n   \u0027bpf_shim_tramp_link_release\u0027 to make the bug easier to trigger:\n\nstatic void bpf_shim_tramp_link_release(struct bpf_link *link)\n{\n\t/* ... */\n\tif (!shim_link-\u003etrampoline)\n\t\treturn;\n\n+\tmsleep(100);\n\tWARN_ON_ONCE(bpf_trampoline_unlink_prog(\u0026shim_link-\u003elink,\n\t\tshim_link-\u003etrampoline, NULL));\n\tbpf_trampoline_put(shim_link-\u003etrampoline);\n}\n\nBefore the patch, running a PoC easily reproduced the crash(almost 100%)\nwith a call trace similar to KaiyanM\u0027s report.\nAfter the patch, the bug no longer occurs even after millions of\niterations.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23319",
          "url": "https://www.suse.com/security/cve/CVE-2026-23319"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260735 for CVE-2026-23319",
          "url": "https://bugzilla.suse.com/1260735"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23319"
    },
    {
      "cve": "CVE-2026-23361",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23361"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry\n\nEndpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X\ninterrupt to the host using a writel(), which generates a PCI posted write\ntransaction.  There\u0027s no completion for posted writes, so the writel() may\nreturn before the PCI write completes.  dw_pcie_ep_raise_msix_irq() also\nunmaps the outbound ATU entry used for the PCI write, so the write races\nwith the unmap.\n\nIf the PCI write loses the race with the ATU unmap, the write may corrupt\nhost memory or cause IOMMU errors, e.g., these when running fio with a\nlarger queue depth against nvmet-pci-epf:\n\n  arm-smmu-v3 fc900000.iommu:      0x0000010000000010\n  arm-smmu-v3 fc900000.iommu:      0x0000020000000000\n  arm-smmu-v3 fc900000.iommu:      0x000000090000f040\n  arm-smmu-v3 fc900000.iommu:      0x0000000000000000\n  arm-smmu-v3 fc900000.iommu: event: F_TRANSLATION client: 0000:01:00.0 sid: 0x100 ssid: 0x0 iova: 0x90000f040 ipa: 0x0\n  arm-smmu-v3 fc900000.iommu: unpriv data write s1 \"Input address caused fault\" stag: 0x0\n\nFlush the write by performing a readl() of the same address to ensure that\nthe write has reached the destination before the ATU entry is unmapped.\n\nThe same problem was solved for dw_pcie_ep_raise_msi_irq() in commit\n8719c64e76bf (\"PCI: dwc: ep: Cache MSI outbound iATU mapping\"), but there\nit was solved by dedicating an outbound iATU only for MSI. We can\u0027t do the\nsame for MSI-X because each vector can have a different msg_addr and the\nmsg_addr may be changed while the vector is masked.\n\n[bhelgaas: commit log]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23361",
          "url": "https://www.suse.com/security/cve/CVE-2026-23361"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260732 for CVE-2026-23361",
          "url": "https://bugzilla.suse.com/1260732"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23361"
    },
    {
      "cve": "CVE-2026-23379",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23379"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: ets: fix divide by zero in the offload path\n\nOffloading ETS requires computing each class\u0027 WRR weight: this is done by\naveraging over the sums of quanta as \u0027q_sum\u0027 and \u0027q_psum\u0027. Using unsigned\nint, the same integer size as the individual DRR quanta, can overflow and\neven cause division by zero, like it happened in the following splat:\n\n Oops: divide error: 0000 [#1] SMP PTI\n CPU: 13 UID: 0 PID: 487 Comm: tc Tainted: G            E       6.19.0-virtme #45 PREEMPT(full)\n Tainted: [E]=UNSIGNED_MODULE\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS:  00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Call Trace:\n  \u003cTASK\u003e\n  ets_qdisc_change+0x870/0xf40 [sch_ets]\n  qdisc_create+0x12b/0x540\n  tc_modify_qdisc+0x6d7/0xbd0\n  rtnetlink_rcv_msg+0x168/0x6b0\n  netlink_rcv_skb+0x5c/0x110\n  netlink_unicast+0x1d6/0x2b0\n  netlink_sendmsg+0x22e/0x470\n  ____sys_sendmsg+0x38a/0x3c0\n  ___sys_sendmsg+0x99/0xe0\n  __sys_sendmsg+0x8a/0xf0\n  do_syscall_64+0x111/0xf80\n  entry_SYSCALL_64_after_hwframe+0x77/0x7f\n RIP: 0033:0x7f440b81c77e\n Code: 4d 89 d8 e8 d4 bc 00 00 4c 8b 5d f8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 11 c9 c3 0f 1f 80 00 00 00 00 48 8b 45 10 0f 05 \u003cc9\u003e c3 83 e2 39 83 fa 08 75 e7 e8 13 ff ff ff 0f 1f 00 f3 0f 1e fa\n RSP: 002b:00007fff951e4c10 EFLAGS: 00000202 ORIG_RAX: 000000000000002e\n RAX: ffffffffffffffda RBX: 0000000000481820 RCX: 00007f440b81c77e\n RDX: 0000000000000000 RSI: 00007fff951e4cd0 RDI: 0000000000000003\n RBP: 00007fff951e4c20 R08: 0000000000000000 R09: 0000000000000000\n R10: 0000000000000000 R11: 0000000000000202 R12: 00007fff951f4fa8\n R13: 00000000699ddede R14: 00007f440bb01000 R15: 0000000000486980\n  \u003c/TASK\u003e\n Modules linked in: sch_ets(E) netdevsim(E)\n ---[ end trace 0000000000000000 ]---\n RIP: 0010:ets_offload_change+0x11f/0x290 [sch_ets]\n Code: e4 45 31 ff eb 03 41 89 c7 41 89 cb 89 ce 83 f9 0f 0f 87 b7 00 00 00 45 8b 08 31 c0 45 01 cc 45 85 c9 74 09 41 6b c4 64 31 d2 \u003c41\u003e f7 f2 89 c2 44 29 fa 45 89 df 41 83 fb 0f 0f 87 c7 00 00 00 44\n RSP: 0018:ffffd0a180d77588 EFLAGS: 00010246\n RAX: 00000000ffffff38 RBX: ffff8d3d482ca000 RCX: 0000000000000000\n RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffd0a180d77660\n RBP: ffffd0a180d77690 R08: ffff8d3d482ca2d8 R09: 00000000fffffffe\n R10: 0000000000000000 R11: 0000000000000000 R12: 00000000fffffffe\n R13: ffff8d3d472f2000 R14: 0000000000000003 R15: 0000000000000000\n FS:  00007f440b6c2740(0000) GS:ffff8d3dc9803000(0000) knlGS:0000000000000000\n CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 000000003cdd2000 CR3: 0000000007b58002 CR4: 0000000000172ef0\n Kernel panic - not syncing: Fatal exception\n Kernel Offset: 0x30000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)\n ---[ end Kernel panic - not syncing: Fatal exception ]---\n\nFix this using 64-bit integers for \u0027q_sum\u0027 and \u0027q_psum\u0027.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23379",
          "url": "https://www.suse.com/security/cve/CVE-2026-23379"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260481 for CVE-2026-23379",
          "url": "https://bugzilla.suse.com/1260481"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23379"
    },
    {
      "cve": "CVE-2026-23381",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23381"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: bridge: fix nd_tbl NULL dereference when IPv6 is disabled\n\nWhen booting with the \u0027ipv6.disable=1\u0027 parameter, the nd_tbl is never\ninitialized because inet6_init() exits before ndisc_init() is called\nwhich initializes it. Then, if neigh_suppress is enabled and an ICMPv6\nNeighbor Discovery packet reaches the bridge, br_do_suppress_nd() will\ndereference ipv6_stub-\u003end_tbl which is NULL, passing it to\nneigh_lookup(). This causes a kernel NULL pointer dereference.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000268\n Oops: 0000 [#1] PREEMPT SMP NOPTI\n [...]\n RIP: 0010:neigh_lookup+0x16/0xe0\n [...]\n Call Trace:\n  \u003cIRQ\u003e\n  ? neigh_lookup+0x16/0xe0\n  br_do_suppress_nd+0x160/0x290 [bridge]\n  br_handle_frame_finish+0x500/0x620 [bridge]\n  br_handle_frame+0x353/0x440 [bridge]\n  __netif_receive_skb_core.constprop.0+0x298/0x1110\n  __netif_receive_skb_one_core+0x3d/0xa0\n  process_backlog+0xa0/0x140\n  __napi_poll+0x2c/0x170\n  net_rx_action+0x2c4/0x3a0\n  handle_softirqs+0xd0/0x270\n  do_softirq+0x3f/0x60\n\nFix this by replacing IS_ENABLED(IPV6) call with ipv6_mod_enabled() in\nthe callers. This is in essence disabling NS/NA suppression when IPv6 is\ndisabled.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23381",
          "url": "https://www.suse.com/security/cve/CVE-2026-23381"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260471 for CVE-2026-23381",
          "url": "https://bugzilla.suse.com/1260471"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23381"
    },
    {
      "cve": "CVE-2026-23386",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23386"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL\n\nIn DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA\nbuffer cleanup path. It iterates num_bufs times and attempts to unmap\nentries in the dma array.\n\nThis leads to two issues:\n1. The dma array shares storage with tx_qpl_buf_ids (union).\n Interpreting buffer IDs as DMA addresses results in attempting to\n unmap incorrect memory locations.\n2. num_bufs in QPL mode (counting 2K chunks) can significantly exceed\n the size of the dma array, causing out-of-bounds access warnings\n(trace below is how we noticed this issue).\n\nUBSAN: array-index-out-of-bounds in\ndrivers/net/ethernet/drivers/net/ethernet/google/gve/gve_tx_dqo.c:178:5 index 18 is out of\nrange for type \u0027dma_addr_t[18]\u0027 (aka \u0027unsigned long long[18]\u0027)\nWorkqueue: gve gve_service_task [gve]\nCall Trace:\n\u003cTASK\u003e\ndump_stack_lvl+0x33/0xa0\n__ubsan_handle_out_of_bounds+0xdc/0x110\ngve_tx_stop_ring_dqo+0x182/0x200 [gve]\ngve_close+0x1be/0x450 [gve]\ngve_reset+0x99/0x120 [gve]\ngve_service_task+0x61/0x100 [gve]\nprocess_scheduled_works+0x1e9/0x380\n\nFix this by properly checking for QPL mode and delegating to\ngve_free_tx_qpl_bufs() to reclaim the buffers.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23386",
          "url": "https://www.suse.com/security/cve/CVE-2026-23386"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260799 for CVE-2026-23386",
          "url": "https://bugzilla.suse.com/1260799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23386"
    },
    {
      "cve": "CVE-2026-23398",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23398"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nicmp: fix NULL pointer dereference in icmp_tag_validation()\n\nicmp_tag_validation() unconditionally dereferences the result of\nrcu_dereference(inet_protos[proto]) without checking for NULL.\nThe inet_protos[] array is sparse -- only about 15 of 256 protocol\nnumbers have registered handlers. When ip_no_pmtu_disc is set to 3\n(hardened PMTU mode) and the kernel receives an ICMP Fragmentation\nNeeded error with a quoted inner IP header containing an unregistered\nprotocol number, the NULL dereference causes a kernel panic in\nsoftirq context.\n\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]\n RIP: 0010:icmp_unreach (net/ipv4/icmp.c:1085 net/ipv4/icmp.c:1143)\n Call Trace:\n  \u003cIRQ\u003e\n  icmp_rcv (net/ipv4/icmp.c:1527)\n  ip_protocol_deliver_rcu (net/ipv4/ip_input.c:207)\n  ip_local_deliver_finish (net/ipv4/ip_input.c:242)\n  ip_local_deliver (net/ipv4/ip_input.c:262)\n  ip_rcv (net/ipv4/ip_input.c:573)\n  __netif_receive_skb_one_core (net/core/dev.c:6164)\n  process_backlog (net/core/dev.c:6628)\n  handle_softirqs (kernel/softirq.c:561)\n  \u003c/IRQ\u003e\n\nAdd a NULL check before accessing icmp_strict_tag_validation. If the\nprotocol has no registered handler, return false since it cannot\nperform strict tag validation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23398",
          "url": "https://www.suse.com/security/cve/CVE-2026-23398"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1260730 for CVE-2026-23398",
          "url": "https://bugzilla.suse.com/1260730"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23398"
    },
    {
      "cve": "CVE-2026-23413",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23413"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nclsact: Fix use-after-free in init/destroy rollback asymmetry\n\nFix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry.\nThe latter is achieved by first fully initializing a clsact instance, and\nthen in a second step having a replacement failure for the new clsact qdisc\ninstance. clsact_init() initializes ingress first and then takes care of the\negress part. This can fail midway, for example, via tcf_block_get_ext(). Upon\nfailure, the kernel will trigger the clsact_destroy() callback.\n\nCommit 1cb6f0bae504 (\"bpf: Fix too early release of tcx_entry\") details the\nway how the transition is happening. If tcf_block_get_ext on the q-\u003eingress_block\nends up failing, we took the tcx_miniq_inc reference count on the ingress\nside, but not yet on the egress side. clsact_destroy() tests whether the\n{ingress,egress}_entry was non-NULL. However, even in midway failure on the\nreplacement, both are in fact non-NULL with a valid egress_entry from the\nprevious clsact instance.\n\nWhat we really need to test for is whether the qdisc instance-specific ingress\nor egress side previously got initialized. This adds a small helper for checking\nthe miniq initialization called mini_qdisc_pair_inited, and utilizes that upon\nclsact_destroy() in order to fix the use-after-free scenario. Convert the\ningress_destroy() side as well so both are consistent to each other.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23413",
          "url": "https://www.suse.com/security/cve/CVE-2026-23413"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261498 for CVE-2026-23413",
          "url": "https://bugzilla.suse.com/1261498"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23413"
    },
    {
      "cve": "CVE-2026-23414",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-23414"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntls: Purge async_hold in tls_decrypt_async_wait()\n\nThe async_hold queue pins encrypted input skbs while\nthe AEAD engine references their scatterlist data. Once\ntls_decrypt_async_wait() returns, every AEAD operation\nhas completed and the engine no longer references those\nskbs, so they can be freed unconditionally.\n\nA subsequent patch adds batch async decryption to\ntls_sw_read_sock(), introducing a new call site that\nmust drain pending AEAD operations and release held\nskbs. Move __skb_queue_purge(\u0026ctx-\u003easync_hold) into\ntls_decrypt_async_wait() so the purge is centralized\nand every caller -- recvmsg\u0027s drain path, the -EBUSY\nfallback in tls_do_decryption(), and the new read_sock\nbatch path -- releases held skbs on synchronization\nwithout each site managing the purge independently.\n\nThis fixes a leak when tls_strp_msg_hold() fails part-way through,\nafter having added some cloned skbs to the async_hold\nqueue. tls_decrypt_sg() will then call tls_decrypt_async_wait() to\nprocess all pending decrypts, and drop back to synchronous mode, but\ntls_sw_recvmsg() only flushes the async_hold queue when one record has\nbeen processed in \"fully-async\" mode, which may not be the case here.\n\n[pabeni@redhat.com: added leak comment]",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-23414",
          "url": "https://www.suse.com/security/cve/CVE-2026-23414"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1261496 for CVE-2026-23414",
          "url": "https://bugzilla.suse.com/1261496"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2026-23414"
    },
    {
      "cve": "CVE-2026-31788",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2026-31788"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxen/privcmd: restrict usage in unprivileged domU\n\nThe Xen privcmd driver allows to issue arbitrary hypercalls from\nuser space processes. This is normally no problem, as access is\nusually limited to root and the hypervisor will deny any hypercalls\naffecting other domains.\n\nIn case the guest is booted using secure boot, however, the privcmd\ndriver would be enabling a root user process to modify e.g. kernel\nmemory contents, thus breaking the secure boot feature.\n\nThe only known case where an unprivileged domU is really needing to\nuse the privcmd driver is the case when it is acting as the device\nmodel for another guest. In this case all hypercalls issued via the\nprivcmd driver will target that other guest.\n\nFortunately the privcmd driver can already be locked down to allow\nonly hypercalls targeting a specific domain, but this mode can be\nactivated from user land only today.\n\nThe target domain can be obtained from Xenstore, so when not running\nin dom0 restrict the privcmd driver to that target domain from the\nbeginning, resolving the potential problem of breaking secure boot.\n\nThis is XSA-482\n\n---\nV2:\n- defer reading from Xenstore if Xenstore isn\u0027t ready yet (Jan Beulich)\n- wait in open() if target domain isn\u0027t known yet\n- issue message in case no target domain found (Jan Beulich)",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
          "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
          "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
          "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
          "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2026-31788",
          "url": "https://www.suse.com/security/cve/CVE-2026-31788"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1259707 for CVE-2026-31788",
          "url": "https://bugzilla.suse.com/1259707"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP7:kernel-livepatch-6_4_0-150700_7_37-rt-1-150700.1.3.1.x86_64",
            "SUSE Real Time Module 15 SP7:cluster-md-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:dlm-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:gfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-devel-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-rt-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-rt-devel-6.4.0-150700.7.37.2.x86_64",
            "SUSE Real Time Module 15 SP7:kernel-source-rt-6.4.0-150700.7.37.2.noarch",
            "SUSE Real Time Module 15 SP7:kernel-syms-rt-6.4.0-150700.7.37.1.x86_64",
            "SUSE Real Time Module 15 SP7:ocfs2-kmp-rt-6.4.0-150700.7.37.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-04-23T15:52:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2026-31788"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.