Security update for the Linux Kernel

Announcement ID: SUSE-SU-2026:21237-1
Release Date: 2026-04-20T15:11:07Z
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2025-39998 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-39998 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2025-68794 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N
  • CVE-2025-68794 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2025-71239 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
  • CVE-2025-71239 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • CVE-2026-23072 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23072 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23072 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23103 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23103 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23103 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23103 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23120 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23120 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23120 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23125 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23125 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23125 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23138 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23138 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23138 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23140 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23140 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23140 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23187 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2026-23187 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2026-23187 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2026-23193 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2026-23193 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23193 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23201 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23201 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23201 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2026-23215 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23215 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23215 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23216 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23216 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23216 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23231 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23231 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23231 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23239 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23239 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23239 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23240 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23240 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23240 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23242 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23242 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23242 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23243 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23255 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23255 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23262 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23262 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2026-23270 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23270 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23272 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23272 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23272 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23274 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23274 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23274 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23277 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23277 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23278 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23278 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23278 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23281 ( SUSE ): 5.4 CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23281 ( SUSE ): 6.3 CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23292 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23292 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23293 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23293 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23304 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23304 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23319 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23319 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23326 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23326 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23335 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
  • CVE-2026-23335 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2026-23343 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23343 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23361 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
  • CVE-2026-23361 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N
  • CVE-2026-23379 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23381 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23383 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23383 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23386 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23386 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23393 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23393 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23393 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23398 ( SUSE ): 5.9 CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23398 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23413 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23413 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2026-23414 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23414 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23419 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23419 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2026-23425 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
  • CVE-2026-23425 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2026-31788 ( NVD ): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Micro 6.2

An update that solves 49 vulnerabilities, contains four features and has 23 fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

  • CVE-2025-39998: scsi: target: target_core_configfs: Add length check to avoid buffer overflow (bsc#1252073).
  • CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
  • CVE-2025-68794: iomap: adjust read range correctly for non-block-aligned positions (bsc#1256647).
  • CVE-2025-71239: audit: add fchmodat2() to change attributes class (bsc#1259759).
  • CVE-2026-23072: l2tp: Fix memleak in l2tp_udp_encap_recv() (bsc#1257708).
  • CVE-2026-23103: ipvlan: Make the addrs_lock be per port (bsc#1257773).
  • CVE-2026-23120: l2tp: avoid one data-race in l2tp_tunnel_del_work() (bsc#1258280).
  • CVE-2026-23125: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT (bsc#1258293).
  • CVE-2026-23138: kABI: Preserve values of the trace recursion bits (bsc#1258301).
  • CVE-2026-23140: bpf, test_run: Subtract size of xdp_frame from allowed metadata size (bsc#1258305).
  • CVE-2026-23187: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains (bsc#1258330).
  • CVE-2026-23193: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (bsc#1258414).
  • CVE-2026-23201: ceph: fix oops due to invalid pointer for kfree() in parse_longname() (bsc#1258337).
  • CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
  • CVE-2026-23215: x86/vmware: Fix hypercall clobbers (bsc#1258476).
  • CVE-2026-23216: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (bsc#1258447).
  • CVE-2026-23231: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (bsc#1259188).
  • CVE-2026-23239: espintcp: Fix race condition in espintcp_close() (bsc#1259485).
  • CVE-2026-23240: tls: Fix race condition in tls_sw_cancel_work_tx() (bsc#1259484).
  • CVE-2026-23242: RDMA/siw: Fix potential NULL pointer dereference in header processing (bsc#1259795).
  • CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259797).
  • CVE-2026-23255: net: add proper RCU protection to /proc/net/ptype (bsc#1259891).
  • CVE-2026-23262: gve: Fix stats report corruption on queue count change (bsc#1259870).
  • CVE-2026-23270: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (bsc#1259886).
  • CVE-2026-23272: netfilter: nf_tables: unconditionally bump set->nelems before insertion (bsc#1260009).
  • CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260005).
  • CVE-2026-23277: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (bsc#1259997).
  • CVE-2026-23278: netfilter: nf_tables: always walk all pending catchall elements (bsc#1259998).
  • CVE-2026-23281: wifi: libertas: fix use-after-free in lbs_free_adapter() (bsc#1260464).
  • CVE-2026-23292: scsi: target: Fix recursive locking in __configfs_open_file() (bsc#1260500).
  • CVE-2026-23293: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260486).
  • CVE-2026-23297: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit() (bsc#1260490).
  • CVE-2026-23304: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (bsc#1260544).
  • CVE-2026-23319: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (bsc#1260735).
  • CVE-2026-23326: xsk: Fix fragment node deletion to prevent buffer leak (bsc#1260606).
  • CVE-2026-23335: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (bsc#1260550).
  • CVE-2026-23343: xdp: produce a warning when calculated tailroom is negative (bsc#1260527).
  • CVE-2026-23361: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (bsc#1260732).
  • CVE-2026-23379: net/sched: ets: fix divide by zero in the offload path (bsc#1260481).
  • CVE-2026-23381: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled (bsc#1260471).
  • CVE-2026-23383: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (bsc#1260497).
  • CVE-2026-23386: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (bsc#1260799).
  • CVE-2026-23393: bridge: cfm: Fix race condition in peer_mep deletion (bsc#1260522).
  • CVE-2026-23398: icmp: fix NULL pointer dereference in icmp_tag_validation() (bsc#1260730).
  • CVE-2026-23413: clsact: Fix use-after-free in init/destroy rollback asymmetry (bsc#1261498).
  • CVE-2026-23414: tls: Purge async_hold in tls_decrypt_async_wait() (bsc#1261496).
  • CVE-2026-23419: net/rds: Fix circular locking dependency in rds_tcp_tune (bsc#1261507).
  • CVE-2026-23425: KVM: arm64: Fix ID register initialization for non-protected pKVM guests (bsc#1261506).
  • CVE-2026-31788: xen/privcmd: restrict usage in unprivileged domU (bsc#1259707).

The following non security issues were fixed:

  • KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (bsc#1259461).
  • KVM: x86: synthesize CPUID bits only if CPU capability is set (bsc#1257511).
  • Revert "drm/i915/display: Add quirk to skip retraining of dp link (bsc#1253129)."
  • Update config files (bsc#1254307).
  • apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
  • apparmor: fix differential encoding verification (bsc#1258849).
  • apparmor: fix memory leak in verify_header (bsc#1258849).
  • apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
  • apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
  • apparmor: fix race on rawdata dereference (bsc#1258849).
  • apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
  • apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
  • apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
  • apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
  • apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
  • bpf, btf: Enforce destructor kfunc type with CFI (bsc#1259955).
  • bpf: crypto: Use the correct destructor kfunc type (bsc#1259955).
  • btrfs: only enforce free space tree if v1 cache is required for bs < ps cases (bsc#1260459).
  • btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (bsc#1257777).
  • dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (git-fixes).
  • drm/amdkfd: Unreserve bo if queue update failed (git-fixes).
  • drm/i915/display: Add module param to skip retraining of dp link (bsc#1253129).
  • drm/i915/dsc: Add Selective Update register definitions (stable-fixes).
  • drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (stable-fixes).
  • firmware: microchip: fail auto-update probe if no flash found (git-fixes).
  • kABI: Include trace recursion bits in kABI tracking (bsc#1258301).
  • net: mana: Trigger VF reset/recovery on health check failure due to HWC timeout (bsc#1259580).
  • nvme: add support for dynamic quirk configuration via module parameter (bsc#1243208).
  • nvme: expose active quirks in sysfs (bsc#1243208).
  • nvme: fix memory leak in quirks_param_set() (bsc#1243208).
  • powerpc/crash: adjust the elfcorehdr size (jsc#PED-11175 git-fixes).
  • powerpc/kdump: Fix size calculation for hot-removed memory ranges (jsc#PED-11175 git-fixes).
  • s390/cio: Update purge function to unregister the unused subchannels (bsc#1254214).
  • s390/ipl: Clear SBP flag when bootprog is set (bsc#1258175).
  • s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
  • scsi: fnic: Add Cisco hardware model names (jsc#PED-15441).
  • scsi: fnic: Add and integrate support for FDMI (jsc#PED-15441).
  • scsi: fnic: Add and integrate support for FIP (jsc#PED-15441).
  • scsi: fnic: Add functionality in fnic to support FDLS (jsc#PED-15441).
  • scsi: fnic: Add headers and definitions for FDLS (jsc#PED-15441).
  • scsi: fnic: Add stats and related functionality (jsc#PED-15441).
  • scsi: fnic: Add support for fabric based solicited requests and responses (jsc#PED-15441).
  • scsi: fnic: Add support for target based solicited requests and responses (jsc#PED-15441).
  • scsi: fnic: Add support for unsolicited requests and responses (jsc#PED-15441).
  • scsi: fnic: Add support to handle port channel RSCN (jsc#PED-15441).
  • scsi: fnic: Code cleanup (jsc#PED-15441).
  • scsi: fnic: Delete incorrect debugfs error handling (jsc#PED-15441).
  • scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out (jsc#PED-15441).
  • scsi: fnic: Fix indentation and remove unnecessary parenthesis (jsc#PED-15441).
  • scsi: fnic: Fix missing DMA mapping error in fnic_send_frame() (jsc#PED-15441).
  • scsi: fnic: Fix use of uninitialized value in debug message (jsc#PED-15441).
  • scsi: fnic: Increment driver version (jsc#PED-15441).
  • scsi: fnic: Modify IO path to use FDLS (jsc#PED-15441).
  • scsi: fnic: Modify fnic interfaces to use FDLS (jsc#PED-15441).
  • scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (jsc#PED-15441).
  • scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (jsc#PED-15441).
  • scsi: fnic: Remove extern definition from .c files (jsc#PED-15441).
  • scsi: fnic: Remove unnecessary debug print (jsc#PED-15441).
  • scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (jsc#PED-15441).
  • scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (jsc#PED-15441).
  • scsi: fnic: Remove unnecessary spinlock locking and unlocking (jsc#PED-15441).
  • scsi: fnic: Replace fnic->lock_flags with local flags (jsc#PED-15441).
  • scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (jsc#PED-15441).
  • scsi: fnic: Replace use of sizeof with standard usage (jsc#PED-15441).
  • scsi: fnic: Return appropriate error code for mem alloc failure (jsc#PED-15441).
  • scsi: fnic: Return appropriate error code from failure of scsi drv init (jsc#PED-15441).
  • scsi: fnic: Test for memory allocation failure and return error code (jsc#PED-15441).
  • scsi: fnic: Turn off FDMI ACTIVE flags on link down (jsc#PED-15441).
  • scsi: hisi_sas: Fix NULL pointer exception during user_scan() (bsc#1255687).
  • scsi: scsi_transport_sas: Fix the maximum channel scanning issue (bsc#1255687, git-fixes).
  • scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() (git-fixes, jsc#PED-15042).
  • selftests/bpf: Use the correct destructor kfunc type (bsc#1259955).
  • selftests/powerpc: Suppress -Wmaybe-uninitialized with GCC 15 (bsc#1261669 ltc#212590).
  • tg3: Fix race for querying speed/duplex (bsc#1257183).
  • x86/platform/uv: Handle deconfigured sockets (bsc#1260347).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Micro 6.2
    zypper in -t patch SUSE-SL-Micro-6.2-596=1

Package List:

  • SUSE Linux Micro 6.2 (noarch)
    • kernel-macros-6.12.0-160000.28.1
    • kernel-devel-6.12.0-160000.28.1
    • kernel-source-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
    • kernel-default-base-6.12.0-160000.27.1.160000.2.8
  • SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
    • kernel-default-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    • kernel-default-debuginfo-6.12.0-160000.28.1
    • kernel-default-extra-6.12.0-160000.28.1
    • kernel-default-devel-6.12.0-160000.28.1
    • kernel-default-debugsource-6.12.0-160000.28.1
    • kernel-default-extra-debuginfo-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (x86_64)
    • kernel-rt-devel-debuginfo-6.12.0-160000.28.1
    • kernel-rt-livepatch-6.12.0-160000.28.1
    • kernel-default-devel-debuginfo-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
    • kernel-default-livepatch-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
    • kernel-rt-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64 x86_64)
    • kernel-rt-devel-6.12.0-160000.28.1
    • kernel-rt-debugsource-6.12.0-160000.28.1
    • kernel-rt-debuginfo-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64 nosrc)
    • kernel-64kb-6.12.0-160000.28.1
  • SUSE Linux Micro 6.2 (aarch64)
    • kernel-64kb-debugsource-6.12.0-160000.28.1
    • kernel-64kb-devel-6.12.0-160000.28.1
    • kernel-64kb-debuginfo-6.12.0-160000.28.1

References: