SUSE-SU-2026:2332-1
Vulnerability from csaf_suse - Published: 2026-06-10 08:41 - Updated: 2026-06-10 08:41
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
- CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
- CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).
Patchnames: SUSE-2026-2332,SUSE-SLE-Micro-5.5-2026-2332
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.1 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.5 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
7.8 (High)
Affected products
Recommended
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch | — | | Vendor Fix |
Threats
Impact
important
References
44 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).\n- CVE-2026-43037: ip6_tunnel: clear skb2-\u003ecb in ip4ip6_err() (bsc#1263995).\n- CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).\n- CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).\n- CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).\n- CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).\n- CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).\n- CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2332,SUSE-SLE-Micro-5.5-2026-2332",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2332-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2332-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262332-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2332-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026685.html"
},
{
"category": "self",
"summary": "SUSE Bug 1263790",
"url": "https://bugzilla.suse.com/1263790"
},
{
"category": "self",
"summary": "SUSE Bug 1263995",
"url": "https://bugzilla.suse.com/1263995"
},
{
"category": "self",
"summary": "SUSE Bug 1264551",
"url": "https://bugzilla.suse.com/1264551"
},
{
"category": "self",
"summary": "SUSE Bug 1266001",
"url": "https://bugzilla.suse.com/1266001"
},
{
"category": "self",
"summary": "SUSE Bug 1266009",
"url": "https://bugzilla.suse.com/1266009"
},
{
"category": "self",
"summary": "SUSE Bug 1266238",
"url": "https://bugzilla.suse.com/1266238"
},
{
"category": "self",
"summary": "SUSE Bug 1266711",
"url": "https://bugzilla.suse.com/1266711"
},
{
"category": "self",
"summary": "SUSE Bug 1266901",
"url": "https://bugzilla.suse.com/1266901"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31629 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43037 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43206 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43499 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43499/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43501 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43501/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45852 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46043 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46243/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-06-10T08:41:18Z",
"generator": {
"date": "2026-06-10T08:41:18Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2332-1",
"initial_release_date": "2026-06-10T08:41:18Z",
"revision_history": [
{
"date": "2026-06-10T08:41:18Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150500.13.143.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150500.13.143.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150500.13.143.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150500.13.143.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-vdso-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt-vdso-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt-vdso-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-rt_debug-vdso-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-rt_debug-vdso-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150500.13.143.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150500.13.143.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.14.21-150500.13.143.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch"
},
"product_reference": "kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150500.13.143.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150500.13.143.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150500.13.143.1.noarch as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150500.13.143.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-31629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31629"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfc: llcp: add missing return after LLCP_CLOSED checks\n\nIn nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket\nstate is LLCP_CLOSED, the code correctly calls release_sock() and\nnfc_llcp_sock_put() but fails to return. Execution falls through to\nthe remainder of the function, which calls release_sock() and\nnfc_llcp_sock_put() again. This results in a double release_sock()\nand a refcount underflow via double nfc_llcp_sock_put(), leading to\na use-after-free.\n\nAdd the missing return statements after the LLCP_CLOSED branches\nin both functions to prevent the fall-through.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31629",
"url": "https://www.suse.com/security/cve/CVE-2026-31629"
},
{
"category": "external",
"summary": "SUSE Bug 1263790 for CVE-2026-31629",
"url": "https://bugzilla.suse.com/1263790"
},
{
"category": "external",
"summary": "SUSE Bug 1263791 for CVE-2026-31629",
"url": "https://bugzilla.suse.com/1263791"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-31629"
},
{
"cve": "CVE-2026-43037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_tunnel: clear skb2-\u003ecb[] in ip4ip6_err()\n\nOskar Kjos reported the following problem.\n\nip4ip6_err() calls icmp_send() on a cloned skb whose cb[] was written\nby the IPv6 receive path as struct inet6_skb_parm. icmp_send() passes\nIPCB(skb2) to __ip_options_echo(), which interprets that cb[] region\nas struct inet_skb_parm (IPv4). The layouts differ: inet6_skb_parm.nhoff\nat offset 14 overlaps inet_skb_parm.opt.rr, producing a non-zero rr\nvalue. __ip_options_echo() then reads optlen from attacker-controlled\npacket data at sptr[rr+1] and copies that many bytes into dopt-\u003e__data,\na fixed 40-byte stack buffer (IP_OPTIONS_DATA_FIXED_SIZE).\n\nTo fix this we clear skb2-\u003ecb[], as suggested by Oskar Kjos.\n\nAlso add minimal IPv4 header validation (version == 4, ihl \u003e= 5).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43037",
"url": "https://www.suse.com/security/cve/CVE-2026-43037"
},
{
"category": "external",
"summary": "SUSE Bug 1263995 for CVE-2026-43037",
"url": "https://bugzilla.suse.com/1263995"
},
{
"category": "external",
"summary": "SUSE Bug 1265197 for CVE-2026-43037",
"url": "https://bugzilla.suse.com/1265197"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-43037"
},
{
"cve": "CVE-2026-43206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43206"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: Fix out-of-bounds write in kfd_event_page_set()\n\nThe kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8\nbytes via memset without checking the buffer size parameter. This allows\nunprivileged userspace to trigger an out-of bounds kernel memory write\nby passing a small buffer, leading to potential privilege\nescalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43206",
"url": "https://www.suse.com/security/cve/CVE-2026-43206"
},
{
"category": "external",
"summary": "SUSE Bug 1264551 for CVE-2026-43206",
"url": "https://bugzilla.suse.com/1264551"
},
{
"category": "external",
"summary": "SUSE Bug 1266668 for CVE-2026-43206",
"url": "https://bugzilla.suse.com/1266668"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-43206"
},
{
"cve": "CVE-2026-43499",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43499"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtmutex: Use waiter::task instead of current in remove_waiter()\n\nremove_waiter() is used by the slowlock paths, but it is also used for\nproxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from\nfutex_requeue().\n\nIn the latter case waiter::task is not current, but remove_waiter()\noperates on current for the dequeue operation. That results in several\nproblems:\n\n 1) the rbtree dequeue happens without waiter::task::pi_lock being held\n\n 2) the waiter task\u0027s pi_blocked_on state is not cleared, which leaves a\n dangling pointer primed for UAF around.\n\n 3) rt_mutex_adjust_prio_chain() operates on the wrong top priority waiter\n task\n\nUse waiter::task instead of current in all related operations in\nremove_waiter() to cure those problems.\n\n[ tglx: Fixup rt_mutex_adjust_prio_chain(), add a comment and amend the\n \tchangelog ]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43499",
"url": "https://www.suse.com/security/cve/CVE-2026-43499"
},
{
"category": "external",
"summary": "SUSE Bug 1266001 for CVE-2026-43499",
"url": "https://bugzilla.suse.com/1266001"
},
{
"category": "external",
"summary": "SUSE Bug 1266014 for CVE-2026-43499",
"url": "https://bugzilla.suse.com/1266014"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-43499"
},
{
"cve": "CVE-2026-43501",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43501"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv6: rpl: reserve mac_len headroom when recompressed SRH grows\n\nipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps\nthe next segment into ipv6_hdr-\u003edaddr, recompresses, then pulls the old\nheader and pushes the new one plus the IPv6 header back. The\nrecompressed header can be larger than the received one when the swap\nreduces the common-prefix length the segments share with daddr (CmprI=0,\nCmprE\u003e0, seg[0][0] != daddr[0] gives the maximum +8 bytes).\n\npskb_expand_head() was gated on segments_left == 0, so on earlier\nsegments the push consumed unchecked headroom. Once skb_push() leaves\nfewer than skb-\u003emac_len bytes in front of data,\nskb_mac_header_rebuild()\u0027s call to:\n\n\tskb_set_mac_header(skb, -skb-\u003emac_len);\n\nwill store (data - head) - mac_len into the u16 mac_header field, which\nwraps to ~65530, and the following memmove() writes mac_len bytes ~64KiB\npast skb-\u003ehead.\n\nA single AF_INET6/SOCK_RAW/IPV6_HDRINCL packet over lo with a two\nsegment type-3 SRH (CmprI=0, CmprE=15) reaches headroom 8 after one\npass; KASAN reports a 14-byte OOB write in ipv6_rthdr_rcv.\n\nFix this by expanding the head whenever the remaining room is less than\nthe push size plus mac_len, and request that much extra so the rebuilt\nMAC header fits afterwards.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43501",
"url": "https://www.suse.com/security/cve/CVE-2026-43501"
},
{
"category": "external",
"summary": "SUSE Bug 1266009 for CVE-2026-43501",
"url": "https://bugzilla.suse.com/1266009"
},
{
"category": "external",
"summary": "SUSE Bug 1266015 for CVE-2026-43501",
"url": "https://bugzilla.suse.com/1266015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-43501"
},
{
"cve": "CVE-2026-45852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45852"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix double free in rxe_srq_from_init\n\nIn rxe_srq_from_init(), the queue pointer \u0027q\u0027 is assigned to\n\u0027srq-\u003erq.queue\u0027 before copying the SRQ number to user space.\nIf copy_to_user() fails, the function calls rxe_queue_cleanup()\nto free the queue, but leaves the now-invalid pointer in\n\u0027srq-\u003erq.queue\u0027.\n\nThe caller of rxe_srq_from_init() (rxe_create_srq) eventually\ncalls rxe_srq_cleanup() upon receiving the error, which triggers\na second rxe_queue_cleanup() on the same memory, leading to a\ndouble free.\n\nThe call trace looks like this:\n kmem_cache_free+0x.../0x...\n rxe_queue_cleanup+0x1a/0x30 [rdma_rxe]\n rxe_srq_cleanup+0x42/0x60 [rdma_rxe]\n rxe_elem_release+0x31/0x70 [rdma_rxe]\n rxe_create_srq+0x12b/0x1a0 [rdma_rxe]\n ib_create_srq_user+0x9a/0x150 [ib_core]\n\nFix this by moving \u0027srq-\u003erq.queue = q\u0027 after copy_to_user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45852",
"url": "https://www.suse.com/security/cve/CVE-2026-45852"
},
{
"category": "external",
"summary": "SUSE Bug 1266711 for CVE-2026-45852",
"url": "https://bugzilla.suse.com/1266711"
},
{
"category": "external",
"summary": "SUSE Bug 1266727 for CVE-2026-45852",
"url": "https://bugzilla.suse.com/1266727"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-45852"
},
{
"cve": "CVE-2026-46043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46043"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv\n\nrxe_rcv() currently checks only that the incoming packet is at least\nheader_size(pkt) bytes long before payload_size() is used.\n\nHowever, payload_size() subtracts both the attacker-controlled BTH pad\nfield and RXE_ICRC_SIZE from pkt-\u003epaylen:\n\n payload_size = pkt-\u003epaylen - offset[RXE_PAYLOAD] - bth_pad(pkt)\n - RXE_ICRC_SIZE\n\nThis means a short packet can still make payload_size() underflow even\nif it includes enough bytes for the fixed headers. Simply requiring\nheader_size(pkt) + RXE_ICRC_SIZE is not sufficient either, because a\npacket with a forged non-zero BTH pad can still leave payload_size()\nnegative and pass an underflowed value to later receive-path users.\n\nFix this by validating pkt-\u003epaylen against the full minimum length\nrequired by payload_size(): header_size(pkt) + bth_pad(pkt) +\nRXE_ICRC_SIZE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46043",
"url": "https://www.suse.com/security/cve/CVE-2026-46043"
},
{
"category": "external",
"summary": "SUSE Bug 1266901 for CVE-2026-46043",
"url": "https://bugzilla.suse.com/1266901"
},
{
"category": "external",
"summary": "SUSE Bug 1266902 for CVE-2026-46043",
"url": "https://bugzilla.suse.com/1266902"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-46043"
},
{
"cve": "CVE-2026-46243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: reject userspace cifs.spnego descriptions\n\ncifs.spnego key descriptions contain authority-bearing fields such as\npid, uid, creduid, and upcall_target that cifs.upcall treats as\nkernel-originating inputs. However, userspace can also create keys of\nthis type through request_key(2) or add_key(2), allowing those fields to\nbe supplied without CIFS origin.\n\nOnly accept cifs.spnego descriptions while CIFS is using its private\nspnego_cred to request the key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46243",
"url": "https://www.suse.com/security/cve/CVE-2026-46243"
},
{
"category": "external",
"summary": "SUSE Bug 1266238 for CVE-2026-46243",
"url": "https://bugzilla.suse.com/1266238"
},
{
"category": "external",
"summary": "SUSE Bug 1266265 for CVE-2026-46243",
"url": "https://bugzilla.suse.com/1266265"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.5:kernel-devel-rt-5.14.21-150500.13.143.1.noarch",
"SUSE Linux Enterprise Micro 5.5:kernel-rt-5.14.21-150500.13.143.1.x86_64",
"SUSE Linux Enterprise Micro 5.5:kernel-source-rt-5.14.21-150500.13.143.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-10T08:41:18Z",
"details": "important"
}
],
"title": "CVE-2026-46243"
}
]
}