SUSE-SU-2026:2631-1
Vulnerability from csaf_suse - Published: 2026-06-25 11:55 - Updated: 2026-06-25 11:55
Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues.
The following security issues were fixed:
- CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290).
- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).
- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).
- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).
- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).
- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).
- CVE-2026-31697: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (bsc#1264116).
- CVE-2026-31698: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (bsc#1263880).
- CVE-2026-31699: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (bsc#1263879).
- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).
- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).
- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).
- CVE-2026-45984: gfs2: Move the inode glock locking to gfs2_file_buffered_write (bsc#1267214).
- CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361).
- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).
- CVE-2026-46120: ip6_gre: Use cached t->net in ip6erspan_changelink() (bsc#1267640).
- CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621).
- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).
- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak (bsc#1267652).
- CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size (bsc#1267381).
- CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267697).
The following non-security issues were fixed:
- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes).
Patchnames: SUSE-2026-2631,SUSE-SLE-Micro-5.3-2026-2631,SUSE-SLE-Micro-5.4-2026-2631
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch | — | | Vendor Fix |
Threats
Impact
critical
6.4 (Medium)
Threats
Impact
moderate
Threats
Impact
important
Threats
Impact
important
Threats
Impact
important
7.1 (High)
Threats
Impact
important
6.4 (Medium)
Threats
Impact
moderate
6.4 (Medium)
Threats
Impact
moderate
6.4 (Medium)
Threats
Impact
moderate
7.1 (High)
Threats
Impact
important
Threats
Impact
important
Threats
Impact
important
7.8 (High)
Threats
Impact
important
8.2 (High)
Threats
Impact
important
7.8 (High)
Threats
Impact
important
7.8 (High)
Threats
Impact
important
7.7 (High)
Threats
Impact
important
7.1 (High)
Threats
Impact
important
5.5 (Medium)
Threats
Impact
moderate
7.8 (High)
Threats
Impact
important
Threats
Impact
important
References
110 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs (bsc#1266290).\n- CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work (bsc#1255416).\n- CVE-2026-23392: netfilter: nf_tables: release flowtable after rcu grace period on error (bsc#1260531).\n- CVE-2026-31473: media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (bsc#1262663).\n- CVE-2026-31500: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (bsc#1262993).\n- CVE-2026-31613: smb: client: fix OOB reads parsing symlink error response (bsc#1263769).\n- CVE-2026-31697: crypto: ccp: Don\u0027t attempt to copy ID to userspace if PSP command failed (bsc#1264116).\n- CVE-2026-31698: crypto: ccp: Don\u0027t attempt to copy PDH cert to userspace if PSP command failed (bsc#1263880).\n- CVE-2026-31699: crypto: ccp: Don\u0027t attempt to copy CSR to userspace if PSP command failed (bsc#1263879).\n- CVE-2026-31759: usb: ulpi: fix double free in ulpi_register_interface() error path (bsc#1264076).\n- CVE-2026-43077: crypto: algif_aead - Fix minimum RX size check for decryption (bsc#1264470).\n- CVE-2026-43198: tcp: fix potential race in tcp_v6_syn_recv_sock() (bsc#1264610).\n- CVE-2026-45984: gfs2: Move the inode glock locking to gfs2_file_buffered_write (bsc#1267214).\n- CVE-2026-46037: ipv4: icmp: validate reply type before using icmp_pointers (bsc#1267361).\n- CVE-2026-46116: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete (bsc#1267369).\n- CVE-2026-46120: ip6_gre: Use cached t-\u003enet in ip6erspan_changelink() (bsc#1267640).\n- CVE-2026-46123: Bluetooth: virtio_bt: clamp rx length before skb_put (bsc#1267621).\n- CVE-2026-46150: fanotify: fix false positive on permission events (bsc#1267387).\n- CVE-2026-46159: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can 
lead to info-leak (bsc#1267652).\n- CVE-2026-46197: drm/amdkfd: validate SVM ioctl nattr against buffer size (bsc#1267381).\n- CVE-2026-46227: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (bsc#1267697).\n\nThe following non security issues were fixed:\n\n- smb: client: correctly handle ErrorContextData as a flexible array (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-2631,SUSE-SLE-Micro-5.3-2026-2631,SUSE-SLE-Micro-5.4-2026-2631",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_2631-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:2631-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20262631-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:2631-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2026-June/047628.html"
},
{
"category": "self",
"summary": "SUSE Bug 1255416",
"url": "https://bugzilla.suse.com/1255416"
},
{
"category": "self",
"summary": "SUSE Bug 1258538",
"url": "https://bugzilla.suse.com/1258538"
},
{
"category": "self",
"summary": "SUSE Bug 1260531",
"url": "https://bugzilla.suse.com/1260531"
},
{
"category": "self",
"summary": "SUSE Bug 1262663",
"url": "https://bugzilla.suse.com/1262663"
},
{
"category": "self",
"summary": "SUSE Bug 1262993",
"url": "https://bugzilla.suse.com/1262993"
},
{
"category": "self",
"summary": "SUSE Bug 1263769",
"url": "https://bugzilla.suse.com/1263769"
},
{
"category": "self",
"summary": "SUSE Bug 1263879",
"url": "https://bugzilla.suse.com/1263879"
},
{
"category": "self",
"summary": "SUSE Bug 1263880",
"url": "https://bugzilla.suse.com/1263880"
},
{
"category": "self",
"summary": "SUSE Bug 1264076",
"url": "https://bugzilla.suse.com/1264076"
},
{
"category": "self",
"summary": "SUSE Bug 1264116",
"url": "https://bugzilla.suse.com/1264116"
},
{
"category": "self",
"summary": "SUSE Bug 1264470",
"url": "https://bugzilla.suse.com/1264470"
},
{
"category": "self",
"summary": "SUSE Bug 1264610",
"url": "https://bugzilla.suse.com/1264610"
},
{
"category": "self",
"summary": "SUSE Bug 1266214",
"url": "https://bugzilla.suse.com/1266214"
},
{
"category": "self",
"summary": "SUSE Bug 1266290",
"url": "https://bugzilla.suse.com/1266290"
},
{
"category": "self",
"summary": "SUSE Bug 1267214",
"url": "https://bugzilla.suse.com/1267214"
},
{
"category": "self",
"summary": "SUSE Bug 1267361",
"url": "https://bugzilla.suse.com/1267361"
},
{
"category": "self",
"summary": "SUSE Bug 1267369",
"url": "https://bugzilla.suse.com/1267369"
},
{
"category": "self",
"summary": "SUSE Bug 1267381",
"url": "https://bugzilla.suse.com/1267381"
},
{
"category": "self",
"summary": "SUSE Bug 1267387",
"url": "https://bugzilla.suse.com/1267387"
},
{
"category": "self",
"summary": "SUSE Bug 1267621",
"url": "https://bugzilla.suse.com/1267621"
},
{
"category": "self",
"summary": "SUSE Bug 1267640",
"url": "https://bugzilla.suse.com/1267640"
},
{
"category": "self",
"summary": "SUSE Bug 1267652",
"url": "https://bugzilla.suse.com/1267652"
},
{
"category": "self",
"summary": "SUSE Bug 1267697",
"url": "https://bugzilla.suse.com/1267697"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-10263 page",
"url": "https://www.suse.com/security/cve/CVE-2025-10263/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68324 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23392 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23392/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31473 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31473/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31500 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31613 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31613/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31697 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31697/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31698 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31698/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31699 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31699/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-31759 page",
"url": "https://www.suse.com/security/cve/CVE-2026-31759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43077 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-43198 page",
"url": "https://www.suse.com/security/cve/CVE-2026-43198/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-45984 page",
"url": "https://www.suse.com/security/cve/CVE-2026-45984/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46037 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46037/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46116 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46116/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46120 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46123 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46150 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46150/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46159 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46159/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46197 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46197/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46227 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46227/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2026-06-25T11:55:12Z",
"generator": {
"date": "2026-06-25T11:55:12Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:2631-1",
"initial_release_date": "2026-06-25T11:55:12Z",
"revision_history": [
{
"date": "2026-06-25T11:55:12Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.14.21-150400.15.173.1.noarch",
"product": {
"name": "kernel-devel-rt-5.14.21-150400.15.173.1.noarch",
"product_id": "kernel-devel-rt-5.14.21-150400.15.173.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"product": {
"name": "kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"product_id": "kernel-source-rt-5.14.21-150400.15.173.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "dlm-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "gfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-devel-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-extra-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-livepatch-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt-optional-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt_debug-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "kernel-syms-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "kselftests-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.14.21-150400.15.173.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.14.21-150400.15.173.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.173.1.x86_64 as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.173.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.173.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.14.21-150400.15.173.1.x86_64 as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64"
},
"product_reference": "kernel-rt-5.14.21-150400.15.173.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.14.21-150400.15.173.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
},
"product_reference": "kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-10263",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-10263"
}
],
"notes": [
{
"category": "general",
"text": "Arm C1-Ultra, C1-Premium, Neoverse V3 \u0026 V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 \u0026 X1C, Cortex-A710, Cortex-A78, A78AE \u0026 A78C, Cortex-A77, Cortex-A76 \u0026 A76A may allow writes to resources owned by a higher exception level.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-10263",
"url": "https://www.suse.com/security/cve/CVE-2025-10263"
},
{
"category": "external",
"summary": "SUSE Bug 1266290 for CVE-2025-10263",
"url": "https://bugzilla.suse.com/1266290"
},
{
"category": "external",
"summary": "SUSE Bug 1266954 for CVE-2025-10263",
"url": "https://bugzilla.suse.com/1266954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "critical"
}
],
"title": "CVE-2025-10263"
},
{
"cve": "CVE-2025-68324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68324"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: imm: Fix use-after-free bug caused by unfinished delayed work\n\nThe delayed work item \u0027imm_tq\u0027 is initialized in imm_attach() and\nscheduled via imm_queuecommand() for processing SCSI commands. When the\nIMM parallel port SCSI host adapter is detached through imm_detach(),\nthe imm_struct device instance is deallocated.\n\nHowever, the delayed work might still be pending or executing\nwhen imm_detach() is called, leading to use-after-free bugs\nwhen the work function imm_interrupt() accesses the already\nfreed imm_struct memory.\n\nThe race condition can occur as follows:\n\nCPU 0(detach thread) | CPU 1\n | imm_queuecommand()\n | imm_queuecommand_lck()\nimm_detach() | schedule_delayed_work()\n kfree(dev) //FREE | imm_interrupt()\n | dev = container_of(...) //USE\n dev-\u003e //USE\n\nAdd disable_delayed_work_sync() in imm_detach() to guarantee proper\ncancellation of the delayed work item before imm_struct is deallocated.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68324",
"url": "https://www.suse.com/security/cve/CVE-2025-68324"
},
{
"category": "external",
"summary": "SUSE Bug 1255416 for CVE-2025-68324",
"url": "https://bugzilla.suse.com/1255416"
},
{
"category": "external",
"summary": "SUSE Bug 1257117 for CVE-2025-68324",
"url": "https://bugzilla.suse.com/1257117"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "moderate"
}
],
"title": "CVE-2025-68324"
},
{
"cve": "CVE-2026-23392",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23392"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: release flowtable after rcu grace period on error\n\nCall synchronize_rcu() after unregistering the hooks from error path,\nsince a hook that already refers to this flowtable can be already\nregistered, exposing this flowtable to packet path and nfnetlink_hook\ncontrol plane.\n\nThis error path is rare, it should only happen by reaching the maximum\nnumber hooks or by failing to set up to hardware offload, just call\nsynchronize_rcu().\n\nThere is a check for already used device hooks by different flowtable\nthat could result in EEXIST at this late stage. The hook parser can be\nupdated to perform this check earlier to this error path really becomes\nrarely exercised.\n\nUncovered by KASAN reported as use-after-free from nfnetlink_hook path\nwhen dumping hooks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23392",
"url": "https://www.suse.com/security/cve/CVE-2026-23392"
},
{
"category": "external",
"summary": "SUSE Bug 1260531 for CVE-2026-23392",
"url": "https://bugzilla.suse.com/1260531"
},
{
"category": "external",
"summary": "SUSE Bug 1262016 for CVE-2026-23392",
"url": "https://bugzilla.suse.com/1262016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-23392"
},
{
"cve": "CVE-2026-31473",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31473"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex\n\nMEDIA_REQUEST_IOC_REINIT can run concurrently with VIDIOC_REQBUFS(0)\nqueue teardown paths. This can race request object cleanup against vb2\nqueue cancellation and lead to use-after-free reports.\n\nWe already serialize request queueing against STREAMON/OFF with\nreq_queue_mutex. Extend that serialization to REQBUFS, and also take\nthe same mutex in media_request_ioctl_reinit() so REINIT is in the\nsame exclusion domain.\n\nThis keeps request cleanup and queue cancellation from running in\nparallel for request-capable devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31473",
"url": "https://www.suse.com/security/cve/CVE-2026-31473"
},
{
"category": "external",
"summary": "SUSE Bug 1262663 for CVE-2026-31473",
"url": "https://bugzilla.suse.com/1262663"
},
{
"category": "external",
"summary": "SUSE Bug 1262775 for CVE-2026-31473",
"url": "https://bugzilla.suse.com/1262775"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-31473"
},
{
"cve": "CVE-2026-31500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31500"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock\n\nbtintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET\nand Intel exception-info retrieval) without holding\nhci_req_sync_lock(). This lets it race against\nhci_dev_do_close() -\u003e btintel_shutdown_combined(), which also runs\n__hci_cmd_sync() under the same lock. When both paths manipulate\nhdev-\u003ereq_status/req_rsp concurrently, the close path may free the\nresponse skb first, and the still-running hw_error path hits a\nslab-use-after-free in kfree_skb().\n\nWrap the whole recovery sequence in hci_req_sync_lock/unlock so it\nis serialized with every other synchronous HCI command issuer.\n\nBelow is the data race report and the kasan report:\n\n BUG: data-race in __hci_cmd_sync_sk / btintel_shutdown_combined\n\n read of hdev-\u003ereq_rsp at net/bluetooth/hci_sync.c:199\n by task kworker/u17:1/83:\n __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200\n __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223\n btintel_hw_error+0x114/0x670 drivers/bluetooth/btintel.c:254\n hci_error_reset+0x348/0xa30 net/bluetooth/hci_core.c:1030\n\n write/free by task ioctl/22580:\n btintel_shutdown_combined+0xd0/0x360\n drivers/bluetooth/btintel.c:3648\n hci_dev_close_sync+0x9ae/0x2c10 net/bluetooth/hci_sync.c:5246\n hci_dev_do_close+0x232/0x460 net/bluetooth/hci_core.c:526\n\n BUG: KASAN: slab-use-after-free in\n sk_skb_reason_drop+0x43/0x380 net/core/skbuff.c:1202\n Read of size 4 at addr ffff888144a738dc\n by task kworker/u17:1/83:\n __hci_cmd_sync_sk+0x12f2/0x1c30 net/bluetooth/hci_sync.c:200\n __hci_cmd_sync+0x55/0x80 net/bluetooth/hci_sync.c:223\n btintel_hw_error+0x186/0x670 drivers/bluetooth/btintel.c:260",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31500",
"url": "https://www.suse.com/security/cve/CVE-2026-31500"
},
{
"category": "external",
"summary": "SUSE Bug 1262993 for CVE-2026-31500",
"url": "https://bugzilla.suse.com/1262993"
},
{
"category": "external",
"summary": "SUSE Bug 1262994 for CVE-2026-31500",
"url": "https://bugzilla.suse.com/1262994"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-31500"
},
{
"cve": "CVE-2026-31613",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31613"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: fix OOB reads parsing symlink error response\n\nWhen a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message()\nreturns success without any length validation, leaving the symlink\nparsers as the only defense against an untrusted server.\n\nsymlink_data() walks SMB 3.1.1 error contexts with the loop test \"p \u003c\nend\", but reads p-\u003eErrorId at offset 4 and p-\u003eErrorDataLength at offset\n0. When the server-controlled ErrorDataLength advances p to within 1-7\nbytes of end, the next iteration will read past it. When the matching\ncontext is found, sym-\u003eSymLinkErrorTag is read at offset 4 from\np-\u003eErrorContextData with no check that the symlink header itself fits.\n\nsmb2_parse_symlink_response() then bounds-checks the substitute name\nusing SMB2_SYMLINK_STRUCT_SIZE as the offset of PathBuffer from\niov_base. That value is computed as sizeof(smb2_err_rsp) +\nsizeof(smb2_symlink_err_rsp), which is correct only when\nErrorContextCount == 0.\n\nWith at least one error context the symlink data sits 8 bytes deeper,\nand each skipped non-matching context shifts it further by 8 +\nALIGN(ErrorDataLength, 8). The check is too short, allowing the\nsubstitute name read to run past iov_len. The out-of-bound heap bytes\nare UTF-16-decoded into the symlink target and returned to userspace via\nreadlink(2).\n\nFix this all up by making the loops test require the full context header\nto fit, rejecting sym if its header runs past end, and bound the\nsubstitute name against the actual position of sym-\u003ePathBuffer rather\nthan a fixed offset.\n\nBecause sub_offs and sub_len are 16bits, the pointer math will not\noverflow here with the new greater-than.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31613",
"url": "https://www.suse.com/security/cve/CVE-2026-31613"
},
{
"category": "external",
"summary": "SUSE Bug 1263769 for CVE-2026-31613",
"url": "https://bugzilla.suse.com/1263769"
},
{
"category": "external",
"summary": "SUSE Bug 1263770 for CVE-2026-31613",
"url": "https://bugzilla.suse.com/1263770"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-31613"
},
{
"cve": "CVE-2026-31697",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31697"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don\u0027t attempt to copy ID to userspace if PSP command failed\n\nWhen retrieving the ID for the CPU, don\u0027t attempt to copy the ID blob to\nuserspace if the firmware command failed. If the failure was due to an\ninvalid length, i.e. the userspace buffer+length was too small, copying\nthe number of bytes _firmware_ requires will overflow the kernel-allocated\nbuffer and leak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 64 at addr ffff8881867f5960 by task syz.0.906/24388\n\n CPU: 130 UID: 0 PID: 24388 Comm: syz.0.906 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_get_id2+0x361/0x490 ../drivers/crypto/ccp/sev-dev.c:2222\n sev_ioctl+0x25f/0x490 ../drivers/crypto/ccp/sev-dev.c:2575\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirmware error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31697",
"url": "https://www.suse.com/security/cve/CVE-2026-31697"
},
{
"category": "external",
"summary": "SUSE Bug 1264116 for CVE-2026-31697",
"url": "https://bugzilla.suse.com/1264116"
},
{
"category": "external",
"summary": "SUSE Bug 1264144 for CVE-2026-31697",
"url": "https://bugzilla.suse.com/1264144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-31697"
},
{
"cve": "CVE-2026-31698",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31698"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don\u0027t attempt to copy PDH cert to userspace if PSP command failed\n\nWhen retrieving the PDH cert, don\u0027t attempt to copy the blobs to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff8885c4ab8aa0 by task syz.0.186/21033\n\n CPU: 51 UID: 0 PID: 21033 Comm: syz.0.186 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 34.84.12-0 11/17/2025\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pdh_export+0x3d3/0x7c0 ../drivers/crypto/ccp/sev-dev.c:2347\n sev_ioctl+0x2a2/0x490 ../drivers/crypto/ccp/sev-dev.c:2568\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirmware error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31698",
"url": "https://www.suse.com/security/cve/CVE-2026-31698"
},
{
"category": "external",
"summary": "SUSE Bug 1263880 for CVE-2026-31698",
"url": "https://bugzilla.suse.com/1263880"
},
{
"category": "external",
"summary": "SUSE Bug 1263929 for CVE-2026-31698",
"url": "https://bugzilla.suse.com/1263929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-31698"
},
{
"cve": "CVE-2026-31699",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31699"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: ccp: Don\u0027t attempt to copy CSR to userspace if PSP command failed\n\nWhen retrieving the PEK CSR, don\u0027t attempt to copy the blob to userspace\nif the firmware command failed. If the failure was due to an invalid\nlength, i.e. the userspace buffer+length was too small, copying the number\nof bytes _firmware_ requires will overflow the kernel-allocated buffer and\nleak data to userspace.\n\n BUG: KASAN: slab-out-of-bounds in instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n BUG: KASAN: slab-out-of-bounds in _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n Read of size 2084 at addr ffff898144612e20 by task syz.9.219/21405\n\n CPU: 14 UID: 0 PID: 21405 Comm: syz.9.219 Tainted: G U O 7.0.0-smp-DEV #28 PREEMPTLAZY\n Tainted: [U]=USER, [O]=OOT_MODULE\n Hardware name: Google, Inc. Arcadia_IT_80/Arcadia_IT_80, BIOS 12.62.0-0 11/19/2025\n Call Trace:\n \u003cTASK\u003e\n dump_stack_lvl+0xc5/0x110 ../lib/dump_stack.c:120\n print_address_description ../mm/kasan/report.c:378 [inline]\n print_report+0xbc/0x260 ../mm/kasan/report.c:482\n kasan_report+0xa2/0xe0 ../mm/kasan/report.c:595\n check_region_inline ../mm/kasan/generic.c:-1 [inline]\n kasan_check_range+0x264/0x2c0 ../mm/kasan/generic.c:200\n instrument_copy_to_user ../include/linux/instrumented.h:129 [inline]\n _inline_copy_to_user ../include/linux/uaccess.h:205 [inline]\n _copy_to_user+0x66/0xa0 ../lib/usercopy.c:26\n copy_to_user ../include/linux/uaccess.h:236 [inline]\n sev_ioctl_do_pek_csr+0x31f/0x590 ../drivers/crypto/ccp/sev-dev.c:1872\n sev_ioctl+0x3a4/0x490 ../drivers/crypto/ccp/sev-dev.c:2562\n vfs_ioctl ../fs/ioctl.c:51 [inline]\n __do_sys_ioctl ../fs/ioctl.c:597 [inline]\n __se_sys_ioctl+0x11d/0x1b0 ../fs/ioctl.c:583\n do_syscall_x64 ../arch/x86/entry/syscall_64.c:63 [inline]\n do_syscall_64+0xe0/0x800 ../arch/x86/entry/syscall_64.c:94\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n \u003c/TASK\u003e\n\nWARN if the driver says the command succeeded, but the firmware error code\nsays otherwise, as __sev_do_cmd_locked() is expected to return -EIO on any\nfirmware error.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31699",
"url": "https://www.suse.com/security/cve/CVE-2026-31699"
},
{
"category": "external",
"summary": "SUSE Bug 1263879 for CVE-2026-31699",
"url": "https://bugzilla.suse.com/1263879"
},
{
"category": "external",
"summary": "SUSE Bug 1263928 for CVE-2026-31699",
"url": "https://bugzilla.suse.com/1263928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-31699"
},
{
"cve": "CVE-2026-31759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-31759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: ulpi: fix double free in ulpi_register_interface() error path\n\nWhen device_register() fails, ulpi_register() calls put_device() on\nulpi-\u003edev.\n\nThe device release callback ulpi_dev_release() drops the OF node\nreference and frees ulpi, but the current error path in\nulpi_register_interface() then calls kfree(ulpi) again, causing a\ndouble free.\n\nLet put_device() handle the cleanup through ulpi_dev_release() and\navoid freeing ulpi again in ulpi_register_interface().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-31759",
"url": "https://www.suse.com/security/cve/CVE-2026-31759"
},
{
"category": "external",
"summary": "SUSE Bug 1264076 for CVE-2026-31759",
"url": "https://bugzilla.suse.com/1264076"
},
{
"category": "external",
"summary": "SUSE Bug 1264078 for CVE-2026-31759",
"url": "https://bugzilla.suse.com/1264078"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-31759"
},
{
"cve": "CVE-2026-43077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43077"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: algif_aead - Fix minimum RX size check for decryption\n\nThe check for the minimum receive buffer size did not take the\ntag size into account during decryption. Fix this by adding the\nrequired extra length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43077",
"url": "https://www.suse.com/security/cve/CVE-2026-43077"
},
{
"category": "external",
"summary": "SUSE Bug 1264470 for CVE-2026-43077",
"url": "https://bugzilla.suse.com/1264470"
},
{
"category": "external",
"summary": "SUSE Bug 1265306 for CVE-2026-43077",
"url": "https://bugzilla.suse.com/1265306"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-43077"
},
{
"cve": "CVE-2026-43198",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-43198"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: fix potential race in tcp_v6_syn_recv_sock()\n\nCode in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()\nis done too late.\n\nAfter tcp_v4_syn_recv_sock(), the child socket is already visible\nfrom TCP ehash table and other cpus might use it.\n\nSince newinet-\u003epinet6 is still pointing to the listener ipv6_pinfo\nbad things can happen as syzbot found.\n\nMove the problematic code in tcp_v6_mapped_child_init()\nand call this new helper from tcp_v4_syn_recv_sock() before\nthe ehash insertion.\n\nThis allows the removal of one tcp_sync_mss(), since\ntcp_v4_syn_recv_sock() will call it with the correct\ncontext.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-43198",
"url": "https://www.suse.com/security/cve/CVE-2026-43198"
},
{
"category": "external",
"summary": "SUSE Bug 1264610 for CVE-2026-43198",
"url": "https://bugzilla.suse.com/1264610"
},
{
"category": "external",
"summary": "SUSE Bug 1264611 for CVE-2026-43198",
"url": "https://bugzilla.suse.com/1264611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-43198"
},
{
"cve": "CVE-2026-45984",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-45984"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix use-after-free in iomap inline data write path\n\nThe inline data buffer head (dibh) is being released prematurely in\ngfs2_iomap_begin() via release_metapath() while iomap-\u003einline_data\nstill points to dibh-\u003eb_data. This causes a use-after-free when\niomap_write_end_inline() later attempts to write to the inline data\narea.\n\nThe bug sequence:\n1. gfs2_iomap_begin() calls gfs2_meta_inode_buffer() to read inode\n metadata into dibh\n2. Sets iomap-\u003einline_data = dibh-\u003eb_data + sizeof(struct gfs2_dinode)\n3. Calls release_metapath() which calls brelse(dibh), dropping refcount\n to 0\n4. kswapd reclaims the page (~39ms later in the syzbot report)\n5. iomap_write_end_inline() tries to memcpy() to iomap-\u003einline_data\n6. KASAN detects use-after-free write to freed memory\n\nFix by storing dibh in iomap-\u003eprivate and incrementing its refcount\nwith get_bh() in gfs2_iomap_begin(). The buffer is then properly\nreleased in gfs2_iomap_end() after the inline write completes,\nensuring the page stays alive for the entire iomap operation.\n\nNote: A C reproducer is not available for this issue. The fix is based\non analysis of the KASAN report and code review showing the buffer head\nis freed before use.\n\n[agruenba: Take buffer head reference in gfs2_iomap_begin() to avoid\nleaks in gfs2_iomap_get() and gfs2_iomap_alloc().]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-45984",
"url": "https://www.suse.com/security/cve/CVE-2026-45984"
},
{
"category": "external",
"summary": "SUSE Bug 1267214 for CVE-2026-45984",
"url": "https://bugzilla.suse.com/1267214"
},
{
"category": "external",
"summary": "SUSE Bug 1267215 for CVE-2026-45984",
"url": "https://bugzilla.suse.com/1267215"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-45984"
},
{
"cve": "CVE-2026-46037",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46037"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nipv4: icmp: validate reply type before using icmp_pointers\n\nExtended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply type.\nThat value is outside the range covered by icmp_pointers[], which only\ndescribes the traditional ICMP types up to NR_ICMP_TYPES.\n\nAvoid consulting icmp_pointers[] for reply types outside that range, and\nuse array_index_nospec() for the remaining in-range lookup. Normal ICMP\nreplies keep their existing behavior unchanged.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46037",
"url": "https://www.suse.com/security/cve/CVE-2026-46037"
},
{
"category": "external",
"summary": "SUSE Bug 1267361 for CVE-2026-46037",
"url": "https://bugzilla.suse.com/1267361"
},
{
"category": "external",
"summary": "SUSE Bug 1267362 for CVE-2026-46037",
"url": "https://bugzilla.suse.com/1267362"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46037"
},
{
"cve": "CVE-2026-46116",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46116"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: defensively unhash xfrm_state lists in __xfrm_state_delete\n\nKASAN reproduces a slab-use-after-free in __xfrm_state_delete()\u0027s\nhlist_del_rcu calls under syzkaller load on linux-6.12.y stable\n(reproduced on 6.12.47, also reachable via the same code path on\ntorvalds/master and on the ipsec tree). Nine unique signatures cluster\nin the xfrm_state lifecycle, the load-bearing one being:\n\n BUG: KASAN: slab-use-after-free in __hlist_del include/linux/list.h:990 [inline]\n BUG: KASAN: slab-use-after-free in hlist_del_rcu include/linux/rculist.h:516 [inline]\n BUG: KASAN: slab-use-after-free in __xfrm_state_delete net/xfrm/xfrm_state.c\n Write of size 8 at addr ffff8881198bcb70 by task kworker/u8:9/435\n\n Workqueue: netns cleanup_net\n Call Trace:\n __hlist_del / hlist_del_rcu\n __xfrm_state_delete\n xfrm_state_delete\n xfrm_state_flush\n xfrm_state_fini\n ops_exit_list\n cleanup_net\n\nThe other observed signatures hit the same slab object from\n__xfrm_state_lookup, xfrm_alloc_spi, __xfrm_state_insert and an OOB\nwrite variant of __xfrm_state_delete, all on the byseq/byspi\nhash chains.\n\n__xfrm_state_delete() guards its byseq and byspi unhashes with\nvalue-based predicates:\n\n\tif (x-\u003ekm.seq)\n\t\thlist_del_rcu(\u0026x-\u003ebyseq);\n\tif (x-\u003eid.spi)\n\t\thlist_del_rcu(\u0026x-\u003ebyspi);\n\nwhile everywhere else in the file (e.g. state_cache, state_cache_input)\nthe safer hlist_unhashed() check is used. xfrm_alloc_spi() sets\nx-\u003eid.spi = newspi inside xfrm_state_lock and then immediately inserts\ninto byspi, but a path that observes x-\u003eid.spi != 0 outside of\nxfrm_state_lock can still skip-or-hit the byspi unhash inconsistently\nwith whether x is actually on the list. The same holds for x-\u003ekm.seq\nversus byseq, and the bydst/bysrc unhashes have no predicate at all,\nso a second __xfrm_state_delete() on the same object writes through\nLIST_POISON pprev.\n\nThe defensive change here:\n\n - Use hlist_del_init_rcu() instead of hlist_del_rcu() on bydst,\n bysrc, byseq and byspi so a second deletion is a no-op rather\n than a write through LIST_POISON pprev. The byseq/byspi nodes\n are already initialised in xfrm_state_alloc().\n - Test hlist_unhashed() rather than the value predicate for\n byseq/byspi, so the unhash decision tracks list state rather than\n mutable scalar fields.\n\nEmpirical verification: applied this patch on top of v6.12.47, rebuilt,\nand re-ran the same syzkaller harness for 1h16m on a previously-crashy\nconfiguration that produced ~100 hits each of slab-use-after-free\nRead in xfrm_alloc_spi / Read in __xfrm_state_lookup / Write in\n__xfrm_state_delete. After the patch, 7.1M execs across 32 VMs at\n~1550 exec/sec produced zero xfrm_state UAF/OOB hits. /proc/slabinfo\nconfirms the xfrm_state slab is actively allocated and freed during\nthe run (~143 KiB resident), so the fuzzer is still exercising those\ncode paths -- they just no longer crash.\n\nReproduction:\n\n - Linux 6.12.47 x86_64 + KASAN_GENERIC + KASAN_INLINE + KCOV\n - syzkaller @ 746545b8b1e4c3a128db8652b340d3df90ce61db\n - 32 QEMU/KVM VMs x 2 vCPU on AWS c5.metal bare metal\n - 9 unique signatures collected in ~9h, all within xfrm_state\n lifecycle",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46116",
"url": "https://www.suse.com/security/cve/CVE-2026-46116"
},
{
"category": "external",
"summary": "SUSE Bug 1267369 for CVE-2026-46116",
"url": "https://bugzilla.suse.com/1267369"
},
{
"category": "external",
"summary": "SUSE Bug 1267370 for CVE-2026-46116",
"url": "https://bugzilla.suse.com/1267370"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46116"
},
{
"cve": "CVE-2026-46120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46120"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nip6_gre: Use cached t-\u003enet in ip6erspan_changelink().\n\nAfter commit 5e72ce3e3980 (\"net: ipv6: Use link netns in newlink() of\nrtnl_link_ops\"), ip6erspan_newlink() correctly resolves the per-netns\nip6gre hash via link_net. ip6erspan_changelink() was not converted in\nthat series and still uses dev_net(dev), which diverges from the\ndevice\u0027s creation netns after IFLA_NET_NS_FD migration.\n\nThis re-inserts the tunnel into the wrong per-netns hash. The\noriginal netns keeps a stale entry. When that netns is later\ndestroyed, ip6gre_exit_rtnl_net() walks the stale entry, producing a\nslab-use-after-free reported by KASAN, followed by a kernel BUG at\nnet/core/dev.c (LIST_POISON1) in unregister_netdevice_many_notify().\n\nReachable from an unprivileged user namespace (unshare --user\n--map-root-user --net).\n\nip6gre_changelink() earlier in the same file already uses the cached\nt-\u003enet; only ip6erspan_changelink() has the wrong shape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46120",
"url": "https://www.suse.com/security/cve/CVE-2026-46120"
},
{
"category": "external",
"summary": "SUSE Bug 1267640 for CVE-2026-46120",
"url": "https://bugzilla.suse.com/1267640"
},
{
"category": "external",
"summary": "SUSE Bug 1267893 for CVE-2026-46120",
"url": "https://bugzilla.suse.com/1267893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46120"
},
{
"cve": "CVE-2026-46123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46123"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: virtio_bt: clamp rx length before skb_put\n\nvirtbt_rx_work() calls skb_put(skb, len) where len comes directly\nfrom virtqueue_get_buf() with no validation against the buffer we\nposted to the device. The RX skb is allocated in virtbt_add_inbuf()\nand exposed to virtio as exactly 1000 bytes via sg_init_one().\n\nChecking len against skb_tailroom(skb) is not sufficient because\nalloc_skb() can leave more tailroom than the 1000 bytes actually\nhanded to the device. A malicious or buggy backend can therefore\nreport used.len between 1001 and skb_tailroom(skb), causing skb_put()\nto include uninitialized kernel heap bytes that were never written by\nthe device.\n\nThe same path also accepts len == 0, in which case skb_put(skb, 0)\nleaves the skb empty but virtbt_rx_handle() still reads the pkt_type\nbyte from skb-\u003edata, consuming uninitialized memory.\n\nDefine VIRTBT_RX_BUF_SIZE once and reuse it in alloc_skb() and\nsg_init_one(), and gate virtbt_rx_work() on that same constant so\nthe bound checked matches the buffer actually exposed to the device.\nReject used.len == 0 in the same gate so an empty completion can\nno longer reach virtbt_rx_handle().\n\nUse bt_dev_err_ratelimited() because the length value comes from an\nuntrusted backend that can otherwise flood the kernel log.\n\nSame class of bug as commit c04db81cd028 (\"net/9p: Fix buffer\noverflow in USB transport layer\"), which hardened the USB 9p\ntransport against unchecked device-reported length.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46123",
"url": "https://www.suse.com/security/cve/CVE-2026-46123"
},
{
"category": "external",
"summary": "SUSE Bug 1267621 for CVE-2026-46123",
"url": "https://bugzilla.suse.com/1267621"
},
{
"category": "external",
"summary": "SUSE Bug 1267622 for CVE-2026-46123",
"url": "https://bugzilla.suse.com/1267622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46123"
},
{
"cve": "CVE-2026-46150",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46150"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfanotify: fix false positive on permission events\n\nfsnotify_get_mark_safe() may return false for a mark on an unrelated group,\nwhich results in bypassing the permission check.\n\nFix by skipping over detached marks that are not in the current group.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46150",
"url": "https://www.suse.com/security/cve/CVE-2026-46150"
},
{
"category": "external",
"summary": "SUSE Bug 1267387 for CVE-2026-46150",
"url": "https://bugzilla.suse.com/1267387"
},
{
"category": "external",
"summary": "SUSE Bug 1267388 for CVE-2026-46150",
"url": "https://bugzilla.suse.com/1267388"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46150"
},
{
"cve": "CVE-2026-46159",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46159"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak\n\nbtrfs_ioctl_space_info() has a TOCTOU race between two passes over the\nblock group RAID type lists. The first pass counts entries to determine\nthe allocation size, then the second pass fills the buffer. The\ngroups_sem rwlock is released between passes, allowing concurrent block\ngroup removal to reduce the entry count.\n\nWhen the second pass fills fewer entries than the first pass counted,\ncopy_to_user() copies the full alloc_size bytes including trailing\nuninitialized kmalloc bytes to userspace.\n\nFix by copying only total_spaces entries (the actually-filled count from\nthe second pass) instead of alloc_size bytes, and switch to kzalloc so\nany future copy size mismatch cannot leak heap data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46159",
"url": "https://www.suse.com/security/cve/CVE-2026-46159"
},
{
"category": "external",
"summary": "SUSE Bug 1267652 for CVE-2026-46159",
"url": "https://bugzilla.suse.com/1267652"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "moderate"
}
],
"title": "CVE-2026-46159"
},
{
"cve": "CVE-2026-46197",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46197"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdkfd: validate SVM ioctl nattr against buffer size\n\nValidate nattr field against the buffer size, preventing\nout-of-bounds buffer access via user-controlled attribute count.\n\n(cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46197",
"url": "https://www.suse.com/security/cve/CVE-2026-46197"
},
{
"category": "external",
"summary": "SUSE Bug 1267381 for CVE-2026-46197",
"url": "https://bugzilla.suse.com/1267381"
},
{
"category": "external",
"summary": "SUSE Bug 1267382 for CVE-2026-46197",
"url": "https://bugzilla.suse.com/1267382"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46197"
},
{
"cve": "CVE-2026-46227",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46227"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL\n\nThe SCTP_SENDALL path in sctp_sendmsg() iterates ep-\u003easocs with\nlist_for_each_entry_safe(), which caches the next entry in @tmp before\nthe loop body runs. The body calls sctp_sendmsg_to_asoc(), which may\ndrop the socket lock inside sctp_wait_for_sndbuf().\n\nWhile the lock is dropped, another thread can SCTP_SOCKOPT_PEELOFF the\nassociation cached in @tmp, migrating it to a new endpoint via\nsctp_sock_migrate() (list_del_init() + list_add_tail() to\nnewep-\u003easocs), and optionally close the new socket which frees the\nassociation via kfree_rcu(). The cached @tmp can also be freed by a\nnetwork ABORT for that association, processed in softirq while the\nlock is dropped.\n\nsctp_wait_for_sndbuf() revalidates @asoc (the current entry) on re-lock\nvia the \"sk != asoc-\u003ebase.sk\" and \"asoc-\u003ebase.dead\" checks, but nothing\nrevalidates @tmp. After a successful return, the iterator advances to\nthe stale @tmp, yielding either a use-after-free (if the peeled socket\nwas closed) or a list-walk onto the new endpoint\u0027s list head (type\nconfusion of \u0026newep-\u003easocs as a struct sctp_association *).\n\nBoth are reachable from CapEff=0; the type-confusion path gives\ncontrolled indirect call via the outqueue.sched-\u003einit_sid pointer.\n\nFix by re-deriving @tmp from @asoc after sctp_sendmsg_to_asoc()\nreturns. @asoc is known to still be on ep-\u003easocs at that point: the\nonly callers that list_del an association from ep-\u003easocs are\nsctp_association_free() (which sets asoc-\u003ebase.dead) and\nsctp_assoc_migrate() (which changes asoc-\u003ebase.sk), and\nsctp_wait_for_sndbuf() checks both under the lock before any\nsuccessful return; a tripped check propagates as err \u003c 0 and the loop\nbails before the re-derive.\n\nThe SCTP_ABORT path in sctp_sendmsg_check_sflags() returns 0 and the\nloop hits \u0027continue\u0027 before sctp_sendmsg_to_asoc() is ever called, so\nthe @tmp cached by list_for_each_entry_safe() still covers the\nlock-held free that ba59fb027307 (\"sctp: walk the list of asoc\nsafely\") was added for.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46227",
"url": "https://www.suse.com/security/cve/CVE-2026-46227"
},
{
"category": "external",
"summary": "SUSE Bug 1267697 for CVE-2026-46227",
"url": "https://bugzilla.suse.com/1267697"
},
{
"category": "external",
"summary": "SUSE Bug 1267698 for CVE-2026-46227",
"url": "https://bugzilla.suse.com/1267698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.3:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.3:kernel-source-rt-5.14.21-150400.15.173.1.noarch",
"SUSE Linux Enterprise Micro 5.4:kernel-rt-5.14.21-150400.15.173.1.x86_64",
"SUSE Linux Enterprise Micro 5.4:kernel-source-rt-5.14.21-150400.15.173.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-25T11:55:12Z",
"details": "important"
}
],
"title": "CVE-2026-46227"
}
]
}