Security update for the Linux Kernel
| Announcement ID: | SUSE-SU-2026:0984-1 |
|---|---|
| Release Date: | 2026-03-23T22:20:54Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves 11 vulnerabilities and has two security fixes can now be installed.
Description:
The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
- CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
- CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
- CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
- CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
- CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
- CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
- CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
- CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).
The following non-security bugs were fixed:
- Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).
- apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
- apparmor: fix differential encoding verification (bsc#1258849).
- apparmor: fix memory leak in verify_header (bsc#1258849).
- apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
- apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
- apparmor: fix race on rawdata dereference (bsc#1258849).
- apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
- apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
- apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
- apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
- apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
Special Instructions and Notes:
- Please reboot the system after installing this update.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Live Patching 15-SP4
zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2026-984=1 -
openSUSE Leap 15.4
zypper in -t patch SUSE-2026-984=1 -
SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-984=1 -
SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-984=1 -
SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-984=1 -
SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-984=1 -
SUSE Linux Enterprise High Availability Extension 15 SP4
zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2026-984=1 -
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2026-984=1 -
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2026-984=1 -
SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2026-984=1 -
SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2026-984=1
Package List:
-
SUSE Linux Enterprise Live Patching 15-SP4 (nosrc)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Live Patching 15-SP4 (ppc64le s390x x86_64)
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-livepatch-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-1-150400.9.3.1
- kernel-livepatch-5_14_21-150400_24_197-default-1-150400.9.3.1
- kernel-livepatch-SLE15-SP4_Update_49-debugsource-1-150400.9.3.1
- kernel-default-livepatch-devel-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (noarch nosrc)
- kernel-docs-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (noarch)
- kernel-devel-5.14.21-150400.24.197.1
- kernel-docs-html-5.14.21-150400.24.197.1
- kernel-macros-5.14.21-150400.24.197.1
- kernel-source-vanilla-5.14.21-150400.24.197.1
- kernel-source-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (aarch64 ppc64le x86_64)
- kernel-default-base-rebuild-5.14.21-150400.24.197.1.150400.24.100.1
- kernel-kvmsmall-debuginfo-5.14.21-150400.24.197.1
- kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-kvmsmall-devel-5.14.21-150400.24.197.1
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
- kernel-kvmsmall-debugsource-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
- ocfs2-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kselftests-kmp-default-debuginfo-5.14.21-150400.24.197.1
- ocfs2-kmp-default-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- cluster-md-kmp-default-5.14.21-150400.24.197.1
- kselftests-kmp-default-5.14.21-150400.24.197.1
- gfs2-kmp-default-debuginfo-5.14.21-150400.24.197.1
- cluster-md-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-syms-5.14.21-150400.24.197.1
- reiserfs-kmp-default-5.14.21-150400.24.197.1
- kernel-default-optional-debuginfo-5.14.21-150400.24.197.1
- kernel-default-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-default-extra-debuginfo-5.14.21-150400.24.197.1
- gfs2-kmp-default-5.14.21-150400.24.197.1
- dlm-kmp-default-5.14.21-150400.24.197.1
- kernel-default-devel-5.14.21-150400.24.197.1
- reiserfs-kmp-default-debuginfo-5.14.21-150400.24.197.1
- dlm-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-qa-5.14.21-150400.24.197.1
- kernel-default-livepatch-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-build-debugsource-5.14.21-150400.24.197.1
- kernel-obs-build-5.14.21-150400.24.197.1
- kernel-default-extra-5.14.21-150400.24.197.1
- kernel-default-optional-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (ppc64le s390x x86_64)
- kernel-default-livepatch-devel-5.14.21-150400.24.197.1
- kernel-livepatch-5_14_21-150400_24_197-default-1-150400.9.3.1
- kernel-livepatch-5_14_21-150400_24_197-default-debuginfo-1-150400.9.3.1
- kernel-livepatch-SLE15-SP4_Update_49-debugsource-1-150400.9.3.1
-
openSUSE Leap 15.4 (aarch64 nosrc ppc64le x86_64)
- kernel-kvmsmall-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (nosrc s390x)
- kernel-zfcpdump-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (s390x)
- kernel-zfcpdump-debuginfo-5.14.21-150400.24.197.1
- kernel-zfcpdump-debugsource-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (nosrc)
- dtb-aarch64-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (aarch64)
- dtb-allwinner-5.14.21-150400.24.197.1
- dtb-amd-5.14.21-150400.24.197.1
- dtb-arm-5.14.21-150400.24.197.1
- gfs2-kmp-64kb-5.14.21-150400.24.197.1
- dtb-amazon-5.14.21-150400.24.197.1
- gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-devel-5.14.21-150400.24.197.1
- dtb-qcom-5.14.21-150400.24.197.1
- dtb-freescale-5.14.21-150400.24.197.1
- kernel-64kb-extra-5.14.21-150400.24.197.1
- cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- kselftests-kmp-64kb-5.14.21-150400.24.197.1
- kernel-64kb-debuginfo-5.14.21-150400.24.197.1
- reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-extra-debuginfo-5.14.21-150400.24.197.1
- dtb-marvell-5.14.21-150400.24.197.1
- dlm-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- dlm-kmp-64kb-5.14.21-150400.24.197.1
- ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-debugsource-5.14.21-150400.24.197.1
- cluster-md-kmp-64kb-5.14.21-150400.24.197.1
- dtb-exynos-5.14.21-150400.24.197.1
- dtb-nvidia-5.14.21-150400.24.197.1
- dtb-broadcom-5.14.21-150400.24.197.1
- kernel-64kb-optional-5.14.21-150400.24.197.1
- dtb-amlogic-5.14.21-150400.24.197.1
- ocfs2-kmp-64kb-5.14.21-150400.24.197.1
- dtb-cavium-5.14.21-150400.24.197.1
- dtb-socionext-5.14.21-150400.24.197.1
- dtb-xilinx-5.14.21-150400.24.197.1
- dtb-renesas-5.14.21-150400.24.197.1
- dtb-rockchip-5.14.21-150400.24.197.1
- dtb-mediatek-5.14.21-150400.24.197.1
- kernel-64kb-optional-debuginfo-5.14.21-150400.24.197.1
- dtb-apm-5.14.21-150400.24.197.1
- reiserfs-kmp-64kb-5.14.21-150400.24.197.1
- kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.197.1
- dtb-apple-5.14.21-150400.24.197.1
- dtb-sprd-5.14.21-150400.24.197.1
- dtb-altera-5.14.21-150400.24.197.1
- dtb-lg-5.14.21-150400.24.197.1
- dtb-hisilicon-5.14.21-150400.24.197.1
- kernel-64kb-devel-debuginfo-5.14.21-150400.24.197.1
-
openSUSE Leap 15.4 (aarch64 nosrc)
- kernel-64kb-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 nosrc s390x x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 x86_64)
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
-
SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro 5.3 (aarch64 nosrc s390x x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro 5.3 (aarch64 x86_64)
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
-
SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 nosrc s390x x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 x86_64)
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
-
SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro 5.4 (aarch64 nosrc s390x x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Micro 5.4 (aarch64 x86_64)
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
-
SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Availability Extension 15 SP4 (aarch64 ppc64le s390x x86_64)
- ocfs2-kmp-default-debuginfo-5.14.21-150400.24.197.1
- dlm-kmp-default-debuginfo-5.14.21-150400.24.197.1
- gfs2-kmp-default-5.14.21-150400.24.197.1
- dlm-kmp-default-5.14.21-150400.24.197.1
- ocfs2-kmp-default-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- cluster-md-kmp-default-5.14.21-150400.24.197.1
- gfs2-kmp-default-debuginfo-5.14.21-150400.24.197.1
- cluster-md-kmp-default-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Availability Extension 15 SP4 (nosrc)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc)
- kernel-64kb-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64)
- kernel-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-devel-5.14.21-150400.24.197.1
- kernel-64kb-debugsource-5.14.21-150400.24.197.1
- kernel-64kb-devel-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 nosrc x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64)
- kernel-default-devel-5.14.21-150400.24.197.1
- reiserfs-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-build-debugsource-5.14.21-150400.24.197.1
- kernel-obs-build-5.14.21-150400.24.197.1
- kernel-default-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
- kernel-syms-5.14.21-150400.24.197.1
- reiserfs-kmp-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
- kernel-macros-5.14.21-150400.24.197.1
- kernel-source-5.14.21-150400.24.197.1
- kernel-devel-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch nosrc)
- kernel-docs-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc)
- kernel-64kb-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64)
- kernel-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-devel-5.14.21-150400.24.197.1
- kernel-64kb-debugsource-5.14.21-150400.24.197.1
- kernel-64kb-devel-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 nosrc x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64)
- kernel-default-devel-5.14.21-150400.24.197.1
- reiserfs-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-build-debugsource-5.14.21-150400.24.197.1
- kernel-obs-build-5.14.21-150400.24.197.1
- kernel-default-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
- kernel-syms-5.14.21-150400.24.197.1
- reiserfs-kmp-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
- kernel-macros-5.14.21-150400.24.197.1
- kernel-source-5.14.21-150400.24.197.1
- kernel-devel-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch nosrc)
- kernel-docs-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 nosrc)
- kernel-64kb-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64)
- kernel-64kb-debuginfo-5.14.21-150400.24.197.1
- kernel-64kb-devel-5.14.21-150400.24.197.1
- kernel-64kb-debugsource-5.14.21-150400.24.197.1
- kernel-64kb-devel-debuginfo-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le x86_64)
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
- kernel-default-devel-5.14.21-150400.24.197.1
- reiserfs-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-build-debugsource-5.14.21-150400.24.197.1
- kernel-obs-build-5.14.21-150400.24.197.1
- kernel-default-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-syms-5.14.21-150400.24.197.1
- reiserfs-kmp-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
- kernel-macros-5.14.21-150400.24.197.1
- kernel-source-5.14.21-150400.24.197.1
- kernel-devel-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (noarch nosrc)
- kernel-docs-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (nosrc s390x)
- kernel-zfcpdump-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server 15 SP4 LTSS (s390x)
- kernel-zfcpdump-debuginfo-5.14.21-150400.24.197.1
- kernel-zfcpdump-debugsource-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (nosrc ppc64le x86_64)
- kernel-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
- kernel-default-devel-5.14.21-150400.24.197.1
- reiserfs-kmp-default-debuginfo-5.14.21-150400.24.197.1
- kernel-default-debugsource-5.14.21-150400.24.197.1
- kernel-default-debuginfo-5.14.21-150400.24.197.1
- kernel-obs-build-debugsource-5.14.21-150400.24.197.1
- kernel-obs-build-5.14.21-150400.24.197.1
- kernel-default-devel-debuginfo-5.14.21-150400.24.197.1
- kernel-default-base-5.14.21-150400.24.197.1.150400.24.100.1
- kernel-syms-5.14.21-150400.24.197.1
- reiserfs-kmp-default-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
- kernel-macros-5.14.21-150400.24.197.1
- kernel-source-5.14.21-150400.24.197.1
- kernel-devel-5.14.21-150400.24.197.1
-
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch nosrc)
- kernel-docs-5.14.21-150400.24.197.1
References:
- https://www.suse.com/security/cve/CVE-2025-21738.html
- https://www.suse.com/security/cve/CVE-2025-40242.html
- https://www.suse.com/security/cve/CVE-2025-71066.html
- https://www.suse.com/security/cve/CVE-2026-23004.html
- https://www.suse.com/security/cve/CVE-2026-23054.html
- https://www.suse.com/security/cve/CVE-2026-23060.html
- https://www.suse.com/security/cve/CVE-2026-23191.html
- https://www.suse.com/security/cve/CVE-2026-23204.html
- https://www.suse.com/security/cve/CVE-2026-23209.html
- https://www.suse.com/security/cve/CVE-2026-23268.html
- https://www.suse.com/security/cve/CVE-2026-23269.html
- https://bugzilla.suse.com/show_bug.cgi?id=1238917
- https://bugzilla.suse.com/show_bug.cgi?id=1255075
- https://bugzilla.suse.com/show_bug.cgi?id=1256645
- https://bugzilla.suse.com/show_bug.cgi?id=1257231
- https://bugzilla.suse.com/show_bug.cgi?id=1257473
- https://bugzilla.suse.com/show_bug.cgi?id=1257732
- https://bugzilla.suse.com/show_bug.cgi?id=1257735
- https://bugzilla.suse.com/show_bug.cgi?id=1258340
- https://bugzilla.suse.com/show_bug.cgi?id=1258395
- https://bugzilla.suse.com/show_bug.cgi?id=1258518
- https://bugzilla.suse.com/show_bug.cgi?id=1258849
- https://bugzilla.suse.com/show_bug.cgi?id=1258850
- https://bugzilla.suse.com/show_bug.cgi?id=1259857