Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:0352-1
Release Date:	2026-01-30T14:05:24Z
Rating:	important
References:	bsc#1207051 bsc#1253291 bsc#1253292 bsc#1254959 bsc#1256053 bsc#1256353
Cross-References:	CVE-2023-23559 CVE-2023-54110 CVE-2023-54168 CVE-2025-40018 CVE-2025-40215
CVSS scores:	CVE-2023-23559 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23559 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-54110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-54168 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40215 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40215 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves five vulnerabilities and has one security fix can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2023-54168: RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (bsc#1256053).
• CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1253291 bsc#1253292).
• CVE-2025-40215: kABI: xfrm: delete x->tunnel as we delete x (bsc#1254959).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-352=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-352=1

Package List:

• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
  • kernel-ec2-3.0.101-108.198.1
  • kernel-xen-3.0.101-108.198.1
  • kernel-default-3.0.101-108.198.1
  • kernel-trace-3.0.101-108.198.1
• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
  • kernel-xen-devel-debuginfo-3.0.101-108.198.1
  • kernel-default-debuginfo-3.0.101-108.198.1
  • kernel-ec2-debuginfo-3.0.101-108.198.1
  • kernel-default-devel-3.0.101-108.198.1
  • kernel-xen-devel-3.0.101-108.198.1
  • kernel-trace-debugsource-3.0.101-108.198.1
  • kernel-trace-devel-3.0.101-108.198.1
  • kernel-ec2-devel-3.0.101-108.198.1
  • kernel-ec2-debugsource-3.0.101-108.198.1
  • kernel-trace-debuginfo-3.0.101-108.198.1
  • kernel-source-3.0.101-108.198.1
  • kernel-xen-debugsource-3.0.101-108.198.1
  • kernel-syms-3.0.101-108.198.1
  • kernel-trace-devel-debuginfo-3.0.101-108.198.1
  • kernel-default-debugsource-3.0.101-108.198.1
  • kernel-trace-base-3.0.101-108.198.1
  • kernel-default-devel-debuginfo-3.0.101-108.198.1
  • kernel-xen-debuginfo-3.0.101-108.198.1
  • kernel-default-base-3.0.101-108.198.1
  • kernel-xen-base-3.0.101-108.198.1
  • kernel-ec2-devel-debuginfo-3.0.101-108.198.1
  • kernel-ec2-base-3.0.101-108.198.1
• SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (noarch nosrc)
  • kernel-docs-3.0.101-108.198.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
  • kernel-ec2-3.0.101-108.198.1
  • kernel-xen-3.0.101-108.198.1
  • kernel-default-3.0.101-108.198.1
  • kernel-trace-3.0.101-108.198.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64)
  • kernel-xen-devel-debuginfo-3.0.101-108.198.1
  • kernel-default-debuginfo-3.0.101-108.198.1
  • kernel-ec2-debuginfo-3.0.101-108.198.1
  • kernel-default-devel-3.0.101-108.198.1
  • kernel-xen-devel-3.0.101-108.198.1
  • kernel-trace-debugsource-3.0.101-108.198.1
  • kernel-trace-devel-3.0.101-108.198.1
  • kernel-ec2-devel-3.0.101-108.198.1
  • kernel-ec2-debugsource-3.0.101-108.198.1
  • kernel-trace-debuginfo-3.0.101-108.198.1
  • kernel-source-3.0.101-108.198.1
  • kernel-xen-debugsource-3.0.101-108.198.1
  • kernel-syms-3.0.101-108.198.1
  • kernel-trace-devel-debuginfo-3.0.101-108.198.1
  • kernel-default-debugsource-3.0.101-108.198.1
  • kernel-trace-base-3.0.101-108.198.1
  • kernel-default-devel-debuginfo-3.0.101-108.198.1
  • kernel-xen-debuginfo-3.0.101-108.198.1
  • kernel-default-base-3.0.101-108.198.1
  • kernel-xen-base-3.0.101-108.198.1
  • kernel-ec2-devel-debuginfo-3.0.101-108.198.1
  • kernel-ec2-base-3.0.101-108.198.1
• SUSE Linux Enterprise Server 11 SP4 (noarch nosrc)
  • kernel-docs-3.0.101-108.198.1

References:

• https://www.suse.com/security/cve/CVE-2023-23559.html
• https://www.suse.com/security/cve/CVE-2023-54110.html
• https://www.suse.com/security/cve/CVE-2023-54168.html
• https://www.suse.com/security/cve/CVE-2025-40018.html
• https://www.suse.com/security/cve/CVE-2025-40215.html
• https://bugzilla.suse.com/show_bug.cgi?id=1207051
• https://bugzilla.suse.com/show_bug.cgi?id=1253291
• https://bugzilla.suse.com/show_bug.cgi?id=1253292
• https://bugzilla.suse.com/show_bug.cgi?id=1254959
• https://bugzilla.suse.com/show_bug.cgi?id=1256053
• https://bugzilla.suse.com/show_bug.cgi?id=1256353