SUSE-SU-2026:21237-1: important: Security update for the Linux Kernel
SLE-UPDATES
null at suse.de
Wed Apr 22 12:32:04 UTC 2026
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2026:21237-1
Release Date: 2026-04-20T15:11:07Z
Rating: important
References:
* bsc#1191256
* bsc#1191270
* bsc#1194778
* bsc#1207184
* bsc#1217845
* bsc#1222768
* bsc#1243208
* bsc#1252073
* bsc#1253129
* bsc#1254214
* bsc#1254306
* bsc#1254307
* bsc#1255084
* bsc#1255687
* bsc#1256647
* bsc#1257183
* bsc#1257511
* bsc#1257708
* bsc#1257773
* bsc#1257777
* bsc#1258175
* bsc#1258280
* bsc#1258293
* bsc#1258301
* bsc#1258305
* bsc#1258330
* bsc#1258337
* bsc#1258340
* bsc#1258414
* bsc#1258447
* bsc#1258476
* bsc#1258849
* bsc#1259188
* bsc#1259461
* bsc#1259484
* bsc#1259485
* bsc#1259580
* bsc#1259707
* bsc#1259759
* bsc#1259795
* bsc#1259797
* bsc#1259870
* bsc#1259886
* bsc#1259891
* bsc#1259955
* bsc#1259997
* bsc#1259998
* bsc#1260005
* bsc#1260009
* bsc#1260347
* bsc#1260459
* bsc#1260464
* bsc#1260471
* bsc#1260481
* bsc#1260486
* bsc#1260490
* bsc#1260497
* bsc#1260500
* bsc#1260522
* bsc#1260527
* bsc#1260544
* bsc#1260550
* bsc#1260606
* bsc#1260730
* bsc#1260732
* bsc#1260735
* bsc#1260799
* bsc#1261496
* bsc#1261498
* bsc#1261506
* bsc#1261507
* bsc#1261669
* jsc#PED-11175
* jsc#PED-15042
* jsc#PED-15441
* jsc#PED-15986
Cross-References:
* CVE-2025-39998
* CVE-2025-40253
* CVE-2025-68794
* CVE-2025-71239
* CVE-2026-23072
* CVE-2026-23103
* CVE-2026-23120
* CVE-2026-23125
* CVE-2026-23138
* CVE-2026-23140
* CVE-2026-23187
* CVE-2026-23193
* CVE-2026-23201
* CVE-2026-23204
* CVE-2026-23215
* CVE-2026-23216
* CVE-2026-23231
* CVE-2026-23239
* CVE-2026-23240
* CVE-2026-23242
* CVE-2026-23243
* CVE-2026-23255
* CVE-2026-23262
* CVE-2026-23270
* CVE-2026-23272
* CVE-2026-23274
* CVE-2026-23277
* CVE-2026-23278
* CVE-2026-23281
* CVE-2026-23292
* CVE-2026-23293
* CVE-2026-23297
* CVE-2026-23304
* CVE-2026-23319
* CVE-2026-23326
* CVE-2026-23335
* CVE-2026-23343
* CVE-2026-23361
* CVE-2026-23379
* CVE-2026-23381
* CVE-2026-23383
* CVE-2026-23386
* CVE-2026-23393
* CVE-2026-23398
* CVE-2026-23413
* CVE-2026-23414
* CVE-2026-23419
* CVE-2026-23425
* CVE-2026-31788
CVSS scores:
* CVE-2025-39998 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-68794 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2025-71239 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-23072 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23120 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23138 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23187 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23201 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23204 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2026-23215 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23242 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23243 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23255 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23262 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23277 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23278 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23281 ( SUSE ): 5.4
CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23292 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23293 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23304 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23319 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23326 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23335 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-23343 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23361 ( SUSE ): 5.6
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
* CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23386 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23393 ( SUSE ): 7.3
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23398 ( SUSE ): 5.9
CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23413 ( SUSE ): 7.1
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-23414 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23419 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-23425 ( SUSE ): 5.8
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
* CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
* SUSE Linux Micro 6.2
An update that solves 49 vulnerabilities, contains four features and has 23
fixes can now be installed.
## Description:
The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues
The following security issues were fixed:
* CVE-2025-39998: scsi: target: target_core_configfs: Add length check to
avoid buffer overflow (bsc#1252073).
* CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
* CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned
positions (bsc#1256647).
* CVE-2025-71239: audit: add fchmodat2() to change attributes class
(bsc#1259759).
* CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
* CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
* CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work()
(bsc#1258280).
* CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after
SCTP_CMD_PEER_INIT (bsc#1258293).
* CVE-2026-23138: kABI: Preserve values of the trace recursion bits
(bsc#1258301).
* CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed
metadata size (bsc#1258305).
* CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of
bc->domains (bsc#1258330).
* CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in
iscsit_dec_session_usage_count() (bsc#1258414).
* CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in
parse_longname() (bsc#1258337).
* CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
* CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
* CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in
iscsit_dec_conn_usage_count() (bsc#1258447).
* CVE-2026-23231: netfilter: nf_tables: fix use-after-free in
nf_tables_addchain() (bsc#1259188).
* CVE-2026-23239: espintcp: Fix race condition in espintcp_close()
(bsc#1259485).
* CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx()
(bsc#1259484).
* CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header
processing (bsc#1259795).
* CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write
(bsc#1259797).
* CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype
(bsc#1259891).
* CVE-2026-23262: gve: Fix stats report corruption on queue count change
(bsc#1259870).
* CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress
qdiscs and shared blocks (bsc#1259886).
* CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems
before insertion (bsc#1260009).
* CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer
labels (bsc#1260005).
* CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in
iptunnel_xmit on TEQL slave xmit (bsc#1259997).
* CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall
elements (bsc#1259998).
* CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter()
(bsc#1260464).
* CVE-2026-23292: scsi: target: Fix recursive locking in
__configfs_open_file() (bsc#1260500).
* CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260486).
* CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit()
(bsc#1260490).
* CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()
(bsc#1260544).
* CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim
(bsc#1260735).
* CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak
(bsc#1260606).
* CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
(bsc#1260550).
* CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative
(bsc#1260527).
* CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU
entry (bsc#1260732).
* CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path
(bsc#1260481).
* CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is
disabled (bsc#1260471).
* CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent
atomic tearing (bsc#1260497).
* CVE-2026-23386: gve: fix incorrect buffer cleanup in
gve_tx_clean_pending_packets for QPL (bsc#1260799).
* CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion
(bsc#1260522).
* CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation()
(bsc#1260730).
* CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback
asymmetry (bsc#1261498).
* CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait()
(bsc#1261496).
* CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune
(bsc#1261507).
* CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected
pKVM guests (bsc#1261506).
* CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU
(bsc#1259707).
The following non security issues were fixed:
* KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
(bsc#1259461).
* KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
* Revert "drm/i915/display: Add quirk to skip retraining of dp link
(bsc#1253129)."
* Update config files (bsc#1254307).
* apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
* apparmor: fix differential encoding verification (bsc#1258849).
* apparmor: fix memory leak in verify_header (bsc#1258849).
* apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
(bsc#1258849).
* apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
* apparmor: fix race on rawdata dereference (bsc#1258849).
* apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
* apparmor: fix unprivileged local user can do privileged policy management
(bsc#1258849).
* apparmor: fix: limit the number of levels of policy namespaces
(bsc#1258849).
* apparmor: replace recursive profile removal with iterative approach
(bsc#1258849).
* apparmor: validate DFA start states are in bounds in unpack_pdb
(bsc#1258849).
* bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
* bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
* btrfs: only enforce free space tree if v1 cache is required for bs < ps
cases (bsc#1260459).
* btrfs: tracepoints: get correct superblock from dentry in event
btrfs_sync_file() (bsc#1257777).
* dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
* drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
* drm/i915/display: Add module param to skip retraining of dp link
(bsc#1253129).
* drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
* drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters
(stable-fixes).
* firmware: microchip: fail auto-update probe if no flash found (git-fixes).
* kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
* net: mana: Trigger VF reset/recovery on health check failure due to HWC
timeout (bsc#1259580).
* nvme: add support for dynamic quirk configuration via module parameter
(bsc#1243208).
* nvme: expose active quirks in sysfs (bsc#1243208).
* nvme: fix memory leak in quirks_param_set() (bsc#1243208).
* powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
* powerpc/kdump: Fix size calculation for hot-removed memory ranges
(jsc#PED-11175 git-fixes).
* s390/cio: Update purge function to unregister the unused subchannels
(bsc#1254214).
* s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
* s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
* scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
* scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
* scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
* scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
* scsi: fnic: Add stats and related functionality (jsc#PED-15441).
* scsi: fnic: Add support for fabric based solicited requests and responses
(jsc#PED-15441).
* scsi: fnic: Add support for target based solicited requests and responses
(jsc#PED-15441).
* scsi: fnic: Add support for unsolicited requests and responses
(jsc#PED-15441).
* scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
* scsi: fnic: Code cleanup (jsc#PED-15441).
* scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
* scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out
(jsc#PED-15441).
* scsi: fnic: Fix indentation and remove unnecessary parenthesis
(jsc#PED-15441).
* scsi: fnic: Fix missing DMA mapping error in fnic_send_frame()
(jsc#PED-15441).
* scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
* scsi: fnic: Increment driver version (jsc#PED-15441).
* scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
* scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
* scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init()
(jsc#PED-15441).
* scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
* scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
* scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
* scsi: fnic: Remove unnecessary else and unnecessary break in FDLS
(jsc#PED-15441).
* scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP
(jsc#PED-15441).
* scsi: fnic: Remove unnecessary spinlock locking and unlocking
(jsc#PED-15441).
* scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
* scsi: fnic: Replace shost_printk() with dev_info()/dev_err()
(jsc#PED-15441).
* scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
* scsi: fnic: Return appropriate error code for mem alloc failure
(jsc#PED-15441).
* scsi: fnic: Return appropriate error code from failure of scsi drv init
(jsc#PED-15441).
* scsi: fnic: Test for memory allocation failure and return error code
(jsc#PED-15441).
* scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
* scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
* scsi: scsi_transport_sas: Fix the maximum channel scanning issue
(bsc#1255687, git-fixes).
* scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes,
jsc#PED-15042).
* selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
* selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669
ltc#212590).
* tg3: Fix race for querying speed/duplex (bsc#1257183).
* x86/platform/uv: Handle deconfigured sockets (bsc#1260347).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.2
zypper in -t patch SUSE-SL-Micro-6.2-596=1
## Package List:
* SUSE Linux Micro 6.2 (noarch)
* kernel-macros-6.12.0-160000.28.1
* kernel-devel-6.12.0-160000.28.1
* kernel-source-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
* kernel-default-base-6.12.0-160000.27.1.160000.2.8
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
* kernel-default-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
* kernel-default-debuginfo-6.12.0-160000.28.1
* kernel-default-extra-6.12.0-160000.28.1
* kernel-default-devel-6.12.0-160000.28.1
* kernel-default-debugsource-6.12.0-160000.28.1
* kernel-default-extra-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (x86_64)
* kernel-rt-devel-debuginfo-6.12.0-160000.28.1
* kernel-rt-livepatch-6.12.0-160000.28.1
* kernel-default-devel-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
* kernel-default-livepatch-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
* kernel-rt-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 x86_64)
* kernel-rt-devel-6.12.0-160000.28.1
* kernel-rt-debugsource-6.12.0-160000.28.1
* kernel-rt-debuginfo-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64 nosrc)
* kernel-64kb-6.12.0-160000.28.1
* SUSE Linux Micro 6.2 (aarch64)
* kernel-64kb-debugsource-6.12.0-160000.28.1
* kernel-64kb-devel-6.12.0-160000.28.1
* kernel-64kb-debuginfo-6.12.0-160000.28.1
## References:
* https://www.suse.com/security/cve/CVE-2025-39998.html
* https://www.suse.com/security/cve/CVE-2025-40253.html
* https://www.suse.com/security/cve/CVE-2025-68794.html
* https://www.suse.com/security/cve/CVE-2025-71239.html
* https://www.suse.com/security/cve/CVE-2026-23072.html
* https://www.suse.com/security/cve/CVE-2026-23103.html
* https://www.suse.com/security/cve/CVE-2026-23120.html
* https://www.suse.com/security/cve/CVE-2026-23125.html
* https://www.suse.com/security/cve/CVE-2026-23138.html
* https://www.suse.com/security/cve/CVE-2026-23140.html
* https://www.suse.com/security/cve/CVE-2026-23187.html
* https://www.suse.com/security/cve/CVE-2026-23193.html
* https://www.suse.com/security/cve/CVE-2026-23201.html
* https://www.suse.com/security/cve/CVE-2026-23204.html
* https://www.suse.com/security/cve/CVE-2026-23215.html
* https://www.suse.com/security/cve/CVE-2026-23216.html
* https://www.suse.com/security/cve/CVE-2026-23231.html
* https://www.suse.com/security/cve/CVE-2026-23239.html
* https://www.suse.com/security/cve/CVE-2026-23240.html
* https://www.suse.com/security/cve/CVE-2026-23242.html
* https://www.suse.com/security/cve/CVE-2026-23243.html
* https://www.suse.com/security/cve/CVE-2026-23255.html
* https://www.suse.com/security/cve/CVE-2026-23262.html
* https://www.suse.com/security/cve/CVE-2026-23270.html
* https://www.suse.com/security/cve/CVE-2026-23272.html
* https://www.suse.com/security/cve/CVE-2026-23274.html
* https://www.suse.com/security/cve/CVE-2026-23277.html
* https://www.suse.com/security/cve/CVE-2026-23278.html
* https://www.suse.com/security/cve/CVE-2026-23281.html
* https://www.suse.com/security/cve/CVE-2026-23292.html
* https://www.suse.com/security/cve/CVE-2026-23293.html
* https://www.suse.com/security/cve/CVE-2026-23297.html
* https://www.suse.com/security/cve/CVE-2026-23304.html
* https://www.suse.com/security/cve/CVE-2026-23319.html
* https://www.suse.com/security/cve/CVE-2026-23326.html
* https://www.suse.com/security/cve/CVE-2026-23335.html
* https://www.suse.com/security/cve/CVE-2026-23343.html
* https://www.suse.com/security/cve/CVE-2026-23361.html
* https://www.suse.com/security/cve/CVE-2026-23379.html
* https://www.suse.com/security/cve/CVE-2026-23381.html
* https://www.suse.com/security/cve/CVE-2026-23383.html
* https://www.suse.com/security/cve/CVE-2026-23386.html
* https://www.suse.com/security/cve/CVE-2026-23393.html
* https://www.suse.com/security/cve/CVE-2026-23398.html
* https://www.suse.com/security/cve/CVE-2026-23413.html
* https://www.suse.com/security/cve/CVE-2026-23414.html
* https://www.suse.com/security/cve/CVE-2026-23419.html
* https://www.suse.com/security/cve/CVE-2026-23425.html
* https://www.suse.com/security/cve/CVE-2026-31788.html
* https://bugzilla.suse.com/show_bug.cgi?id=1191256
* https://bugzilla.suse.com/show_bug.cgi?id=1191270
* https://bugzilla.suse.com/show_bug.cgi?id=1194778
* https://bugzilla.suse.com/show_bug.cgi?id=1207184
* https://bugzilla.suse.com/show_bug.cgi?id=1217845
* https://bugzilla.suse.com/show_bug.cgi?id=1222768
* https://bugzilla.suse.com/show_bug.cgi?id=1243208
* https://bugzilla.suse.com/show_bug.cgi?id=1252073
* https://bugzilla.suse.com/show_bug.cgi?id=1253129
* https://bugzilla.suse.com/show_bug.cgi?id=1254214
* https://bugzilla.suse.com/show_bug.cgi?id=1254306
* https://bugzilla.suse.com/show_bug.cgi?id=1254307
* https://bugzilla.suse.com/show_bug.cgi?id=1255084
* https://bugzilla.suse.com/show_bug.cgi?id=1255687
* https://bugzilla.suse.com/show_bug.cgi?id=1256647
* https://bugzilla.suse.com/show_bug.cgi?id=1257183
* https://bugzilla.suse.com/show_bug.cgi?id=1257511
* https://bugzilla.suse.com/show_bug.cgi?id=1257708
* https://bugzilla.suse.com/show_bug.cgi?id=1257773
* https://bugzilla.suse.com/show_bug.cgi?id=1257777
* https://bugzilla.suse.com/show_bug.cgi?id=1258175
* https://bugzilla.suse.com/show_bug.cgi?id=1258280
* https://bugzilla.suse.com/show_bug.cgi?id=1258293
* https://bugzilla.suse.com/show_bug.cgi?id=1258301
* https://bugzilla.suse.com/show_bug.cgi?id=1258305
* https://bugzilla.suse.com/show_bug.cgi?id=1258330
* https://bugzilla.suse.com/show_bug.cgi?id=1258337
* https://bugzilla.suse.com/show_bug.cgi?id=1258340
* https://bugzilla.suse.com/show_bug.cgi?id=1258414
* https://bugzilla.suse.com/show_bug.cgi?id=1258447
* https://bugzilla.suse.com/show_bug.cgi?id=1258476
* https://bugzilla.suse.com/show_bug.cgi?id=1258849
* https://bugzilla.suse.com/show_bug.cgi?id=1259188
* https://bugzilla.suse.com/show_bug.cgi?id=1259461
* https://bugzilla.suse.com/show_bug.cgi?id=1259484
* https://bugzilla.suse.com/show_bug.cgi?id=1259485
* https://bugzilla.suse.com/show_bug.cgi?id=1259580
* https://bugzilla.suse.com/show_bug.cgi?id=1259707
* https://bugzilla.suse.com/show_bug.cgi?id=1259759
* https://bugzilla.suse.com/show_bug.cgi?id=1259795
* https://bugzilla.suse.com/show_bug.cgi?id=1259797
* https://bugzilla.suse.com/show_bug.cgi?id=1259870
* https://bugzilla.suse.com/show_bug.cgi?id=1259886
* https://bugzilla.suse.com/show_bug.cgi?id=1259891
* https://bugzilla.suse.com/show_bug.cgi?id=1259955
* https://bugzilla.suse.com/show_bug.cgi?id=1259997
* https://bugzilla.suse.com/show_bug.cgi?id=1259998
* https://bugzilla.suse.com/show_bug.cgi?id=1260005
* https://bugzilla.suse.com/show_bug.cgi?id=1260009
* https://bugzilla.suse.com/show_bug.cgi?id=1260347
* https://bugzilla.suse.com/show_bug.cgi?id=1260459
* https://bugzilla.suse.com/show_bug.cgi?id=1260464
* https://bugzilla.suse.com/show_bug.cgi?id=1260471
* https://bugzilla.suse.com/show_bug.cgi?id=1260481
* https://bugzilla.suse.com/show_bug.cgi?id=1260486
* https://bugzilla.suse.com/show_bug.cgi?id=1260490
* https://bugzilla.suse.com/show_bug.cgi?id=1260497
* https://bugzilla.suse.com/show_bug.cgi?id=1260500
* https://bugzilla.suse.com/show_bug.cgi?id=1260522
* https://bugzilla.suse.com/show_bug.cgi?id=1260527
* https://bugzilla.suse.com/show_bug.cgi?id=1260544
* https://bugzilla.suse.com/show_bug.cgi?id=1260550
* https://bugzilla.suse.com/show_bug.cgi?id=1260606
* https://bugzilla.suse.com/show_bug.cgi?id=1260730
* https://bugzilla.suse.com/show_bug.cgi?id=1260732
* https://bugzilla.suse.com/show_bug.cgi?id=1260735
* https://bugzilla.suse.com/show_bug.cgi?id=1260799
* https://bugzilla.suse.com/show_bug.cgi?id=1261496
* https://bugzilla.suse.com/show_bug.cgi?id=1261498
* https://bugzilla.suse.com/show_bug.cgi?id=1261506
* https://bugzilla.suse.com/show_bug.cgi?id=1261507
* https://bugzilla.suse.com/show_bug.cgi?id=1261669
* https://jira.suse.com/browse/PED-11175
* https://jira.suse.com/browse/PED-15042
* https://jira.suse.com/browse/PED-15441
* https://jira.suse.com/browse/PED-15986
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260422/e7a1a929/attachment.htm>
More information about the sle-updates
mailing list