SUSE-IU-2026:3378-1: Security update of suse/sle-micro/kvm-5.5

Mon May 18 07:09:26 UTC 2026

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2026:3378-1
Image Tags        : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.529 , suse/sle-micro/kvm-5.5:latest
Image Release     : 3.5.529
Severity          : important
Type              : security
References        : 1264013 1264449 1264450 1265209 1265308 CVE-2025-54518 CVE-2026-43284
                        CVE-2026-43500 CVE-2026-46300 CVE-2026-46333 
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2026:1907-1
Released:    Sun May 17 19:12:35 2026
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important
References:  1264013,1264449,1264450,1265209,1265308,CVE-2025-54518,CVE-2026-43284,CVE-2026-43500,CVE-2026-46300,CVE-2026-46333

The SUSE Linux Enterprise 15 SP5 kernel was updated to fix the following issue:

Security issues fixed:

- CVE-2026-43284: xfrm: esp: avoid in-place decrypt on shared skb frags (bsc#1264449).
- CVE-2026-43500: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (bsc#1264450).
- CVE-2025-54518: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache (bsc#1264013).
- CVE-2026-46300: net: skbuff: propagate shared-frag marker through pskb_copy() (bsc#1265209).
- CVE-2026-46333: Fixed logic bug in the Linux kernel's __ptrace_may_access() function (bsc#1265308).

Other issues fixed:

- io-wq: check that the predecessor is hashed in io_wq_remove_pending() (git-fixes).

The following package changes have been done:

- kernel-default-base-5.14.21-150500.55.163.1.150500.6.75.7 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.274 updated