Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:0033-1
Release Date:	2026-01-05T19:26:53Z
Rating:	important
References:	bsc#1249806 bsc#1251786 bsc#1252033 bsc#1252267 bsc#1252780 bsc#1252862 bsc#1253367 bsc#1253431 bsc#1253436
Cross-References:	CVE-2022-50280 CVE-2023-53676 CVE-2025-39967 CVE-2025-40040 CVE-2025-40048 CVE-2025-40121 CVE-2025-40154 CVE-2025-40204
CVSS scores:	CVE-2022-50280 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50280 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53676 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2023-53676 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39967 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40121 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40121 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-40154 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40154 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-40204 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-40204 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves eight vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2022-50280: pnode: terminate at peers of source (bsc#1249806).
• CVE-2023-53676: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() (bsc#1251786).
• CVE-2025-39967: fbcon: fix integer overflow in fbcon_do_set_font (bsc#1252033).
• CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
• CVE-2025-40048: uio_hv_generic: Let userspace take care of interrupt mask (bsc#1252862).
• CVE-2025-40121: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (bsc#1253367).
• CVE-2025-40154: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (bsc#1253431).
• CVE-2025-40204: sctp: Fix MAC comparison to be constant-time (bsc#1253436).

The following non-security bugs were fixed:

• scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-33=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-33=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-33=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-33=1

Package List:

• SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  • kernel-rt-debugsource-5.14.21-150400.15.139.2
  • kernel-rt-debuginfo-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.139.1
• SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro 5.3 (x86_64)
  • kernel-rt-debugsource-5.14.21-150400.15.139.2
  • kernel-rt-debuginfo-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.139.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  • kernel-rt-debugsource-5.14.21-150400.15.139.2
  • kernel-rt-debuginfo-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.139.1
• SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro 5.4 (x86_64)
  • kernel-rt-debugsource-5.14.21-150400.15.139.2
  • kernel-rt-debuginfo-5.14.21-150400.15.139.2
• SUSE Linux Enterprise Micro 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.139.1

References:

• https://www.suse.com/security/cve/CVE-2022-50280.html
• https://www.suse.com/security/cve/CVE-2023-53676.html
• https://www.suse.com/security/cve/CVE-2025-39967.html
• https://www.suse.com/security/cve/CVE-2025-40040.html
• https://www.suse.com/security/cve/CVE-2025-40048.html
• https://www.suse.com/security/cve/CVE-2025-40121.html
• https://www.suse.com/security/cve/CVE-2025-40154.html
• https://www.suse.com/security/cve/CVE-2025-40204.html
• https://bugzilla.suse.com/show_bug.cgi?id=1249806
• https://bugzilla.suse.com/show_bug.cgi?id=1251786
• https://bugzilla.suse.com/show_bug.cgi?id=1252033
• https://bugzilla.suse.com/show_bug.cgi?id=1252267
• https://bugzilla.suse.com/show_bug.cgi?id=1252780
• https://bugzilla.suse.com/show_bug.cgi?id=1252862
• https://bugzilla.suse.com/show_bug.cgi?id=1253367
• https://bugzilla.suse.com/show_bug.cgi?id=1253431
• https://bugzilla.suse.com/show_bug.cgi?id=1253436