SUSE-IU-2026:1405-1: Security update of suse/sl-micro/6.1/kvm-os-container

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Thu Mar 12 08:22:34 UTC 2026 

SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:1405-1
Image Tags        : suse/sl-micro/6.1/kvm-os-container:2.2.1 , suse/sl-micro/6.1/kvm-os-container:2.2.1-5.94 , suse/sl-micro/6.1/kvm-os-container:latest
Image Release     : 5.94
Severity          : important
Type              : security
References        : 1241345 1243055 1249587 1251966 1252911 1252924 1253691 1254992
                        1255129 1255265 1255379 1255530 1255698 1256564 1256640 1256679
                        1256683 1256708 1256716 1256755 1256802 1256863 1257159 1257179
                        1257209 1257228 1257231 1257246 1257552 1257554 1257557 1257559
                        1257560 1257562 1257570 1257573 1257576 1257579 1257580 1257586
                        1257635 1257679 1257687 1257704 1257706 1257707 1257714 1257715
                        1257716 1257718 1257722 1257723 1257729 1257735 1257739 1257740
                        1257741 1257743 1257745 1257749 1257750 1257757 1257758 1257759
                        1257761 1257762 1257763 1257765 1257768 1257770 1257772 1257775
                        1257776 1257788 1257789 1257790 1257805 1257808 1257809 1257811
                        1257813 1257816 1257830 1257891 1257942 1257952 1258153 1258181
                        1258184 1258222 1258234 1258237 1258245 1258249 1258252 1258256
                        1258259 1258272 1258273 1258277 1258278 1258279 1258299 1258304
                        1258309 1258313 1258317 1258321 1258326 1258338 1258349 1258354
                        1258358 1258374 1258377 1258379 1258394 1258395 1258397 1258411
                        1258415 1258419 1258422 1258424 1258429 1258442 1258464 1258465
                        1258468 1258469 1258484 1258518 1258519 1258520 1258524 1258544
                        1258660 1258824 1258928 1259070 CVE-2023-53817 CVE-2025-37861
                        CVE-2025-39748 CVE-2025-39964 CVE-2025-40099 CVE-2025-40103 CVE-2025-68283
                        CVE-2025-68295 CVE-2025-68374 CVE-2025-68736 CVE-2025-68778 CVE-2025-68785
                        CVE-2025-68810 CVE-2025-71071 CVE-2025-71104 CVE-2025-71113 CVE-2025-71126
                        CVE-2025-71148 CVE-2025-71182 CVE-2025-71184 CVE-2025-71185 CVE-2025-71188
                        CVE-2025-71189 CVE-2025-71190 CVE-2025-71191 CVE-2025-71192 CVE-2025-71194
                        CVE-2025-71195 CVE-2025-71196 CVE-2025-71197 CVE-2025-71198 CVE-2025-71199
                        CVE-2025-71200 CVE-2025-71222 CVE-2025-71224 CVE-2025-71225 CVE-2025-71229
                        CVE-2025-71231 CVE-2025-71232 CVE-2025-71234 CVE-2025-71235 CVE-2025-71236
                        CVE-2026-22979 CVE-2026-22982 CVE-2026-22998 CVE-2026-23003 CVE-2026-23004
                        CVE-2026-23017 CVE-2026-23021 CVE-2026-23026 CVE-2026-23033 CVE-2026-23035
                        CVE-2026-23037 CVE-2026-23049 CVE-2026-23053 CVE-2026-23056 CVE-2026-23057
                        CVE-2026-23058 CVE-2026-23060 CVE-2026-23061 CVE-2026-23063 CVE-2026-23064
                        CVE-2026-23068 CVE-2026-23071 CVE-2026-23073 CVE-2026-23074 CVE-2026-23076
                        CVE-2026-23078 CVE-2026-23080 CVE-2026-23082 CVE-2026-23083 CVE-2026-23084
                        CVE-2026-23085 CVE-2026-23086 CVE-2026-23089 CVE-2026-23090 CVE-2026-23091
                        CVE-2026-23094 CVE-2026-23095 CVE-2026-23096 CVE-2026-23099 CVE-2026-23101
                        CVE-2026-23102 CVE-2026-23104 CVE-2026-23105 CVE-2026-23107 CVE-2026-23108
                        CVE-2026-23110 CVE-2026-23111 CVE-2026-23112 CVE-2026-23113 CVE-2026-23116
                        CVE-2026-23119 CVE-2026-23121 CVE-2026-23129 CVE-2026-23133 CVE-2026-23135
                        CVE-2026-23139 CVE-2026-23141 CVE-2026-23145 CVE-2026-23146 CVE-2026-23150
                        CVE-2026-23151 CVE-2026-23152 CVE-2026-23155 CVE-2026-23156 CVE-2026-23163
                        CVE-2026-23166 CVE-2026-23167 CVE-2026-23170 CVE-2026-23171 CVE-2026-23172
                        CVE-2026-23173 CVE-2026-23176 CVE-2026-23178 CVE-2026-23179 CVE-2026-23182
                        CVE-2026-23190 CVE-2026-23191 CVE-2026-23198 CVE-2026-23202 CVE-2026-23207
                        CVE-2026-23208 CVE-2026-23209 CVE-2026-23213 CVE-2026-23214 CVE-2026-23221
                        CVE-2026-23222 CVE-2026-23229 
-----------------------------------------------------------------

The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: kernel-291
Released:    Wed Mar 11 17:03:14 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1241345,1243055,1249587,1251966,1252911,1252924,1253691,1254992,1255129,1255265,1255379,1255530,1255698,1256564,1256640,1256679,1256683,1256708,1256716,1256755,1256802,1256863,1257159,1257179,1257209,1257228,1257231,1257246,1257552,1257554,1257557,1257559,1257560,1257562,1257570,1257573,1257576,1257579,1257580,1257586,1257635,1257679,1257687,1257704,1257706,1257707,1257714,1257715,1257716,1257718,1257722,1257723,1257729,1257735,1257739,1257740,1257741,1257743,1257745,1257749,1257750,1257757,1257758,1257759,1257761,1257762,1257763,1257765,1257768,1257770,1257772,1257775,1257776,1257788,1257789,1257790,1257805,1257808,1257809,1257811,1257813,1257816,1257830,1257891,1257942,1257952,1258153,1258181,1258184,1258222,1258234,1258237,1258245,1258249,1258252,1258256,1258259,1258272,1258273,1258277,1258278,1258279,1258299,1258304,1258309,1258313,1258317,1258321,1258326,1258338,1258349,1258354,1258358,1258374,1258377,1258379,1258394,1258395,1258397,1258411,1258415,1258419,1258422,1
 258424,1258429,1258442,1258464,1258465,1258468,1258469,1258484,1258518,1258519,1258520,1258524,1258544,1258660,1258824,1258928,1259070,CVE-2023-53817,CVE-2025-37861,CVE-2025-39748,CVE-2025-39964,CVE-2025-40099,CVE-2025-40103,CVE-2025-68283,CVE-2025-68295,CVE-2025-68374,CVE-2025-68736,CVE-2025-68778,CVE-2025-68785,CVE-2025-68810,CVE-2025-71071,CVE-2025-71104,CVE-2025-71113,CVE-2025-71126,CVE-2025-71148,CVE-2025-71182,CVE-2025-71184,CVE-2025-71185,CVE-2025-71188,CVE-2025-71189,CVE-2025-71190,CVE-2025-71191,CVE-2025-71192,CVE-2025-71194,CVE-2025-71195,CVE-2025-71196,CVE-2025-71197,CVE-2025-71198,CVE-2025-71199,CVE-2025-71200,CVE-2025-71222,CVE-2025-71224,CVE-2025-71225,CVE-2025-71229,CVE-2025-71231,CVE-2025-71232,CVE-2025-71234,CVE-2025-71235,CVE-2025-71236,CVE-2026-22979,CVE-2026-22982,CVE-2026-22998,CVE-2026-23003,CVE-2026-23004,CVE-2026-23017,CVE-2026-23021,CVE-2026-23026,CVE-2026-23033,CVE-2026-23035,CVE-2026-23037,CVE-2026-23049,CVE-2026-23053,CVE-2026-23056,CVE-2026-23057,CVE-202
 6-23058,CVE-2026-23060,CVE-2026-23061,CVE-2026-23063,CVE-2026-23064,CVE-2026-23068,CVE-2026-23071,CVE-2026-23073,CVE-2026-23074,CVE-2026-23076,CVE-2026-23078,CVE-2026-23080,CVE-2026-23082,CVE-2026-23083,CVE-2026-23084,CVE-2026-23085,CVE-2026-23086,CVE-2026-23089,CVE-2026-23090,CVE-2026-23091,CVE-2026-23094,CVE-2026-23095,CVE-2026-23096,CVE-2026-23099,CVE-2026-23101,CVE-2026-23102,CVE-2026-23104,CVE-2026-23105,CVE-2026-23107,CVE-2026-23108,CVE-2026-23110,CVE-2026-23111,CVE-2026-23112,CVE-2026-23113,CVE-2026-23116,CVE-2026-23119,CVE-2026-23121,CVE-2026-23129,CVE-2026-23133,CVE-2026-23135,CVE-2026-23139,CVE-2026-23141,CVE-2026-23145,CVE-2026-23146,CVE-2026-23150,CVE-2026-23151,CVE-2026-23152,CVE-2026-23155,CVE-2026-23156,CVE-2026-23163,CVE-2026-23166,CVE-2026-23167,CVE-2026-23170,CVE-2026-23171,CVE-2026-23172,CVE-2026-23173,CVE-2026-23176,CVE-2026-23178,CVE-2026-23179,CVE-2026-23182,CVE-2026-23190,CVE-2026-23191,CVE-2026-23198,CVE-2026-23202,CVE-2026-23207,CVE-2026-23208,CVE-2026-23209
 ,CVE-2026-23213,CVE-2026-23214,CVE-2026-23221,CVE-2026-23222,CVE-2026-23229

The SUSE Linux Enterprise Micro 6.0 and Micro 6.1 kernel was updated to fix various security issues

The following security issues were fixed:

- CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
- CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
- CVE-2025-39748: bpf: Forget ranges when refining tnum after JSET (bsc#1249587).
- CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
- CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
- CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
- CVE-2025-68283: libceph: replace BUG_ON with bounds check for map->max_osd (bsc#1255379).
- CVE-2025-68295: smb: client: fix memory leak in cifs_construct_tcon() (bsc#1255129).
- CVE-2025-68374: md: fix rcu protection in md_wakeup_thread (bsc#1255530).
- CVE-2025-68736: landlock: Fix handling of disconnected directories (bsc#1255698).
- CVE-2025-68778: btrfs: don't log conflicting inode if it's a dir moved in the current transaction (bsc#1256683).
- CVE-2025-68785: net: openvswitch: fix middle attribute validation in push_nsh() action (bsc#1256640).
- CVE-2025-68810: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (bsc#1256679).
- CVE-2025-71071: iommu/mediatek: fix use-after-free on probe deferral (bsc#1256802).
- CVE-2025-71104: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (bsc#1256708).
- CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
- CVE-2025-71126: mptcp: reset fallback status gracefully at disconnect() time (bsc#1256755).
- CVE-2025-71148: net/handshake: restore destructor on submit failure (bsc#1257159).
- CVE-2025-71184: btrfs: fix NULL dereference on root when tracing inode eviction (bsc#1257635).
- CVE-2025-71194: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type (bsc#1257687).
- CVE-2025-71225: md: suspend array while updating raid_disks via sysfs (bsc#1258411).
- CVE-2026-22979: net: fix memory leak in skb_segment_list for GRO packets (bsc#1257228).
- CVE-2026-22982: net: mscc: ocelot: Fix crash when adding interface under a lag (bsc#1257179).
- CVE-2026-22998: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (bsc#1257209).
- CVE-2026-23003: geneve: Fix incorrect inner network header offset when innerprotoinherit is set (bsc#1257246).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23017: idpf: fix error handling in the init_task on load (bsc#1257552).
- CVE-2026-23035: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv (bsc#1257559).
- CVE-2026-23053: NFS: Fix a deadlock involving nfs_release_folio() (bsc#1257718).
- CVE-2026-23057: vsock/virtio: Coalesce only linear skb (bsc#1257740).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23064: net/sched: act_ife: avoid possible NULL deref (bsc#1257765).
- CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
- CVE-2026-23083: fou: Don't allow 0 for FOU_ATTR_IPPROTO (bsc#1257745).
- CVE-2026-23084: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list (bsc#1257830).
- CVE-2026-23085: irqchip/gic-v3-its: Avoid truncating memory addresses (bsc#1257758).
- CVE-2026-23086: vsock/virtio: cap TX credit to local buffer size (bsc#1257757).
- CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
- CVE-2026-23095: gue: Fix skb memleak with inner IP protocol 0 (bsc#1257808).
- CVE-2026-23099: bonding: limit BOND_MODE_8023AD to Ethernet devices (bsc#1257816).
- CVE-2026-23102: arm64/fpsimd: signal: Mandate SVE payload for streaming-mode state (bsc#1257772).
- CVE-2026-23104: ice: fix devlink reload call trace (bsc#1257763).
- CVE-2026-23105: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag (bsc#1257775).
- CVE-2026-23107: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA (bsc#1257762).
- CVE-2026-23110: scsi: core: Wake up the error handler when final completions race against each other (bsc#1257761).
- CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
- CVE-2026-23112: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec (bsc#1258184).
- CVE-2026-23113: io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop (bsc#1258278).
- CVE-2026-23116: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu (bsc#1258277).
- CVE-2026-23119: bonding: provide a net pointer to __skb_flow_dissect() (bsc#1258273).
- CVE-2026-23139: netfilter: nf_conncount: update last_gc only when GC has been performed (bsc#1258304).
- CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
- CVE-2026-23166: ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (bsc#1258272).
- CVE-2026-23171: net: bonding: update the slave array for broadcast mode (bsc#1258349).
- CVE-2026-23173: net/mlx5e: TC, delete flows only for existing peers (bsc#1258520).
- CVE-2026-23179: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() (bsc#1258394).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23198: KVM: Don't clobber irqfd routing type when deassigning irqfd (bsc#1258321).
- CVE-2026-23208: ALSA: usb-audio: Prevent excessive number of frames (bsc#1258468).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23213: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset (bsc#1258465).
- CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).

The following non security issues were fixed:

- ALSA: usb-audio: Update the number of packets properly at receiving (stable-fixes).
- ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() (git-fixes).
- ASoC: SOF: ipc4-control: If there is no data do not send bytes update (git-fixes).
- HID: intel-ish-hid: Update ishtp bus match to support device ID table (stable-fixes).
- PM: sleep: wakeirq: Update outdated documentation comments (git-fixes).
- Update 'drm/mgag200: fix mgag200_bmc_stop_scanout()' bug number (bsc#1258153)
- Update upstreamed net and powerpc patch references and sorting
- bonding: only set speed/duplex to unknown, if getting speed failed (bsc#1253691).
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
- clocksource: Print durations for sync check unconditionally (bsc#1241345).
- clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (stable-fixes).
- ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref (git-fixes).
- landlock: Optimize file path walks and prepare for audit support (bsc#1255698).
- media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() (git-fixes).
- shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
- spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
- spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
- spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
- staging: rtl8723bs: fix missing status update on sdio_alloc_irq() failure (stable-fixes).
- wifi: cfg80211: Fix use_for flag update on BSS refresh (git-fixes).
- workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)


The following package changes have been done:

- kernel-default-base-6.4.0-40.1.21.17 updated
- qemu-guest-agent-8.2.10-slfo.1.1_4.1 updated
- container:SL-Micro-base-container-2.2.1-5.90 updated

More information about the sle-container-updates mailing list