Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:1041-1
Release Date:	2026-03-25T14:13:36Z
Rating:	important
References:	bsc#1226591 bsc#1241345 bsc#1243055 bsc#1245728 bsc#1249998 bsc#1251135 bsc#1251186 bsc#1251966 bsc#1251971 bsc#1252266 bsc#1252911 bsc#1252924 bsc#1253049 bsc#1254306 bsc#1254992 bsc#1255084 bsc#1256564 bsc#1256645 bsc#1256690 bsc#1256716 bsc#1257231 bsc#1257466 bsc#1257472 bsc#1257473 bsc#1257732 bsc#1257735 bsc#1257749 bsc#1257790 bsc#1257891 bsc#1257952 bsc#1258181 bsc#1258338 bsc#1258340 bsc#1258376 bsc#1258377 bsc#1258395 bsc#1258424 bsc#1258464 bsc#1258518 bsc#1258524 bsc#1258832 bsc#1258849 bsc#1258850 bsc#1258928 bsc#1259070 bsc#1259857
Cross-References:	CVE-2023-53817 CVE-2024-38542 CVE-2025-37861 CVE-2025-39817 CVE-2025-39964 CVE-2025-40099 CVE-2025-40103 CVE-2025-40253 CVE-2025-71066 CVE-2025-71113 CVE-2025-71231 CVE-2026-23004 CVE-2026-23054 CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23111 CVE-2026-23141 CVE-2026-23157 CVE-2026-23191 CVE-2026-23202 CVE-2026-23204 CVE-2026-23207 CVE-2026-23209 CVE-2026-23214 CVE-2026-23268 CVE-2026-23269
CVSS scores:	CVE-2023-53817 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-53817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-38542 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2024-38542 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-37861 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-37861 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-37861 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39817 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39817 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-39964 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39964 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-39964 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-40099 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40099 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-40103 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-40103 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-40253 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-71113 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-71113 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-71231 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-71231 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-71231 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23111 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23111 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23141 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23141 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23141 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23157 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23157 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23157 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23202 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23202 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23202 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23207 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23207 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23207 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23214 ( SUSE ): 5.1 CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23214 ( SUSE ): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-23214 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23269 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:	openSUSE Leap 15.6 SUSE Linux Enterprise High Availability Extension 15 SP6 SUSE Linux Enterprise Live Patching 15-SP6 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP6 LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 27 vulnerabilities and has 19 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

• CVE-2023-53817: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() (bsc#1254992).
• CVE-2024-38542: RDMA/mana_ib: boundary check before installing cq callbacks (bsc#1226591).
• CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055).
• CVE-2025-39817: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (bsc#1249998).
• CVE-2025-39964: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (bsc#1251966).
• CVE-2025-40099: cifs: parse_dfs_referrals: prevent oob on malformed input (bsc#1252911).
• CVE-2025-40103: smb: client: Fix refcount leak for cifs_sb_tlink (bsc#1252924).
• CVE-2025-40253: s390/ctcm: Fix double-kfree (bsc#1255084).
• CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
• CVE-2025-71113: crypto: af_alg - zero initialize memory allocated via sock_kmalloc (bsc#1256716).
• CVE-2025-71231: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode (bsc#1258424).
• CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
• CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
• CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
• CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
• CVE-2026-23111: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() (bsc#1258181).
• CVE-2026-23141: btrfs: send: check for inline extents in range_is_hole_in_parent() (bsc#1258377).
• CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
• CVE-2026-23204: net/sched: cls_u32: use skb_header_pointer_careful() (bsc#1258340).
• CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
• CVE-2026-23214: btrfs: reject new transactions if the fs is fully read-only (bsc#1258464).
• CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
• CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non-security bugs were fixed:

• Add bugnumber to existing mana change (bsc#1251971).
• Drivers: hv: fix missing kernel-doc description for 'size' in request_arr_init() (git-fixes).
• Drivers: hv: remove stale comment (git-fixes).
• Drivers: hv: vmbus: Clean up sscanf format specifier in target_cpu_store() (git-fixes).
• Drivers: hv: vmbus: Fix sysfs output format for ring buffer index (git-fixes).
• Drivers: hv: vmbus: Fix typos in vmbus_drv.c (git-fixes).
• PCI: hv: Correct a comment (git-fixes).
• PCI: hv: Remove unnecessary flex array in struct pci_packet (git-fixes).
• PCI: hv: Remove unused field pci_bus in struct hv_pcibus_device (git-fixes).
• PCI: hv: remove unnecessary module_init/exit functions (git-fixes).
• RDMA/mana_ib: Access remote atomic for MRs (bsc#1251135).
• RDMA/mana_ib: Add EQ creation for rnic adapter (git-fixes).
• RDMA/mana_ib: Add device statistics support (git-fixes).
• RDMA/mana_ib: Add device-memory support (git-fixes).
• RDMA/mana_ib: Add port statistics support (git-fixes).
• RDMA/mana_ib: Add support of 4M, 1G, and 2G pages (git-fixes).
• RDMA/mana_ib: Add support of mana_ib for RNIC and ETH nic (git-fixes).
• RDMA/mana_ib: Adding and deleting GIDs (git-fixes).
• RDMA/mana_ib: Allow registration of DMA-mapped memory in PDs (git-fixes).
• RDMA/mana_ib: Configure mac address in RNIC (git-fixes).
• RDMA/mana_ib: Create and destroy RC QP (git-fixes).
• RDMA/mana_ib: Create and destroy UD/GSI QP (git-fixes).
• RDMA/mana_ib: Create and destroy rnic adapter (git-fixes).
• RDMA/mana_ib: Drain send wrs of GSI QP (git-fixes).
• RDMA/mana_ib: Enable RoCE on port 1 (git-fixes).
• RDMA/mana_ib: Extend modify QP (git-fixes).
• RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes).
• RDMA/mana_ib: Fix error code in probe() (git-fixes).
• RDMA/mana_ib: Fix integer overflow during queue creation (bsc#1251135).
• RDMA/mana_ib: Fix missing ret value (git-fixes).
• RDMA/mana_ib: Handle net event for pointing to the current netdev (bsc#1256690).
• RDMA/mana_ib: Implement DMABUF MR support (git-fixes).
• RDMA/mana_ib: Implement port parameters (git-fixes).
• RDMA/mana_ib: Implement uapi to create and destroy RC QP (git-fixes).
• RDMA/mana_ib: Introduce helpers to create and destroy mana queues (git-fixes).
• RDMA/mana_ib: Introduce mana_ib_get_netdev helper function (git-fixes).
• RDMA/mana_ib: Introduce mana_ib_install_cq_cb helper function (git-fixes).
• RDMA/mana_ib: Introduce mdev_to_gc helper function (git-fixes).
• RDMA/mana_ib: Modify QP state (git-fixes).
• RDMA/mana_ib: Process QP error events in mana_ib (git-fixes).
• RDMA/mana_ib: Query feature_flags bitmask from FW (git-fixes).
• RDMA/mana_ib: Set correct device into ib (git-fixes).
• RDMA/mana_ib: Take CQ type from the device type (git-fixes).
• RDMA/mana_ib: UD/GSI QP creation for kernel (git-fixes).
• RDMA/mana_ib: UD/GSI work requests (git-fixes).
• RDMA/mana_ib: Use num_comp_vectors of ib_device (git-fixes).
• RDMA/mana_ib: Use safer allocation function() (bsc#1251135).
• RDMA/mana_ib: Use struct mana_ib_queue for CQs (git-fixes).
• RDMA/mana_ib: Use struct mana_ib_queue for RAW QPs (git-fixes).
• RDMA/mana_ib: Use struct mana_ib_queue for WQs (git-fixes).
• RDMA/mana_ib: add additional port counters (bsc#1251135).
• RDMA/mana_ib: add support of multiple ports (bsc#1251135).
• RDMA/mana_ib: check cqe length for kernel CQs (git-fixes).
• RDMA/mana_ib: create EQs for RNIC CQs (git-fixes).
• RDMA/mana_ib: create and destroy RNIC cqs (git-fixes).
• RDMA/mana_ib: create kernel-level CQs (git-fixes).
• RDMA/mana_ib: create/destroy AH (git-fixes).
• RDMA/mana_ib: extend mana QP table (git-fixes).
• RDMA/mana_ib: extend query device (git-fixes).
• RDMA/mana_ib: helpers to allocate kernel queues (git-fixes).
• RDMA/mana_ib: implement get_dma_mr (git-fixes).
• RDMA/mana_ib: implement req_notify_cq (git-fixes).
• RDMA/mana_ib: implement uapi for creation of rnic cq (git-fixes).
• RDMA/mana_ib: indicate CM support (git-fixes).
• RDMA/mana_ib: introduce a helper to remove cq callbacks (git-fixes).
• RDMA/mana_ib: polling of CQs for GSI/UD (git-fixes).
• RDMA/mana_ib: remove useless return values from dbg prints (git-fixes).
• RDMA/mana_ib: request error CQEs when supported (git-fixes).
• RDMA/mana_ib: set node_guid (git-fixes).
• RDMA/mana_ib: support of the zero based MRs (bsc#1251135).
• RDMA/mana_ib: unify mana_ib functions to support any gdma device (git-fixes).
• apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
• apparmor: fix differential encoding verification (bsc#1258849).
• apparmor: fix memory leak in verify_header (bsc#1258849).
• apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
• apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
• apparmor: fix race on rawdata dereference (bsc#1258849).
• apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
• apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
• apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
• apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
• apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
• btrfs: scrub: always update btrfs_scrub_progress::last_physical (git-fixes).
• cifs: add xid to query server interface call (git-fixes).
• clocksource: Print durations for sync check unconditionally (bsc#1241345).
• clocksource: Reduce watchdog readout delay limit to prevent false positives (bsc#1241345).
• hv/hv_kvp_daemon: Handle IPv4 and Ipv6 combination for keyfile format (git-fixes).
• hv/hv_kvp_daemon: Pass NIC name to hv_get_dns_info as well (git-fixes).
• net/mana: Null service_wq on setup error to prevent double destroy (git-fix).
• net: mana: Add metadata support for xdp mode (git-fixes).
• net: mana: Add standard counter rx_missed_errors (git-fixes).
• net: mana: Add support for auxiliary device servicing events (bsc#1251971).
• net: mana: Change the function signature of mana_get_primary_netdev_rcu (bsc#1256690).
• net: mana: Drop TX skb on post_work_request failure and unmap resources (git-fixes).
• net: mana: Fix double destroy_workqueue on service rescan PCI path (git-fixes).
• net: mana: Fix use-after-free in reset service rescan path (git-fixes).
• net: mana: Fix warnings for missing export.h header inclusion (git-fixes).
• net: mana: Handle Reset Request from MANA NIC (bsc#1245728 bsc#1251971).
• net: mana: Handle SKB if TX SGEs exceed hardware limit (git-fixes).
• net: mana: Handle hardware recovery events when probing the device (bsc#1257466).
• net: mana: Handle unsupported HWC commands (git-fixes).
• net: mana: Implement ndo_tx_timeout and serialize queue resets per port (bsc#1257472).
• net: mana: Move hardware counter stats from per-port to per-VF context (git-fixes).
• net: mana: Probe rdma device in mana driver (git-fixes).
• net: mana: Reduce waiting time if HWC not responding (bsc#1252266).
• net: mana: Ring doorbell at 4 CQ wraparounds (git-fixes).
• net: mana: Support HW link state events (bsc#1253049).
• net: mana: Use mana_cleanup_port_context() for rxq cleanup (git-fixes).
• net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes).
• net: mana: use ethtool string helpers (git-fixes).
• s390: Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP (bsc#1254306).
• scsi: mpi3mr: Event processing debug improvement (bsc#1251186, bsc#1258832).
• scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (git-fixes).
• scsi: storvsc: Remove redundant ternary operators (git-fixes).
• shrink_slab_memcg: clear_bits of skipped shrinkers (bsc#1256564).
• spi: tegra210-quad: Move curr_xfer read inside spinlock (bsc#1257952)
• spi: tegra210-quad: Protect curr_xfer assignment in (bsc#1257952)
• spi: tegra210-quad: Protect curr_xfer check in IRQ handler (bsc#1257952)
• spi: tegra210-quad: Protect curr_xfer clearing in (bsc#1257952)
• spi: tegra210-quad: Protect curr_xfer in tegra_qspi_combined_seq_xfer (bsc#1257952)
• spi: tegra210-quad: Return IRQ_HANDLED when timeout already processed (bsc#1257952)
• tools/hv: add a .gitignore file (git-fixes).
• tools/hv: reduce resouce usage in hv_get_dns_info helper (git-fixes).
• tools/hv: reduce resource usage in hv_kvp_daemon (git-fixes).
• tools: hv: Enable debug logs for hv_kvp_daemon (git-fixes).
• tools: hv: lsvmbus: change shebang to use python3 (git-fixes).
• workqueue: mark power efficient workqueue as unbounded if (bsc#1257891)

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1041=1 openSUSE-SLE-15.6-2026-1041=1
• SUSE Linux Enterprise High Availability Extension 15 SP6
  zypper in -t patch SUSE-SLE-Product-HA-15-SP6-2026-1041=1
• SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1041=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1041=1
• SUSE Linux Enterprise Live Patching 15-SP6
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP6-2026-1041=1

Package List:

• openSUSE Leap 15.6 (ppc64le s390x x86_64)
  • kernel-livepatch-6_4_0-150600_23_92-default-1-150600.13.5.1
  • kernel-livepatch-SLE15-SP6_Update_21-debugsource-1-150600.13.5.1
  • kernel-default-livepatch-devel-6.4.0-150600.23.92.1
  • kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-1-150600.13.5.1
• openSUSE Leap 15.6 (noarch nosrc)
  • kernel-docs-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (noarch)
  • kernel-docs-html-6.4.0-150600.23.92.1
  • kernel-source-vanilla-6.4.0-150600.23.92.1
  • kernel-source-6.4.0-150600.23.92.1
  • kernel-macros-6.4.0-150600.23.92.1
  • kernel-devel-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (nosrc ppc64le x86_64)
  • kernel-debug-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (ppc64le x86_64)
  • kernel-debug-debuginfo-6.4.0-150600.23.92.1
  • kernel-debug-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-debug-debugsource-6.4.0-150600.23.92.1
  • kernel-debug-devel-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (x86_64)
  • kernel-default-vdso-debuginfo-6.4.0-150600.23.92.1
  • kernel-kvmsmall-vdso-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-vdso-6.4.0-150600.23.92.1
  • kernel-debug-vdso-debuginfo-6.4.0-150600.23.92.1
  • kernel-kvmsmall-vdso-6.4.0-150600.23.92.1
  • kernel-debug-vdso-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (aarch64 ppc64le x86_64)
  • kernel-kvmsmall-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-kvmsmall-debugsource-6.4.0-150600.23.92.1
  • kernel-kvmsmall-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-base-rebuild-6.4.0-150600.23.92.1.150600.12.42.2
  • kernel-kvmsmall-devel-6.4.0-150600.23.92.1
  • kernel-default-base-6.4.0-150600.23.92.1.150600.12.42.2
• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-extra-6.4.0-150600.23.92.1
  • kernel-default-livepatch-6.4.0-150600.23.92.1
  • kernel-obs-build-6.4.0-150600.23.92.1
  • kernel-default-debuginfo-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-obs-build-debugsource-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-6.4.0-150600.23.92.1
  • dlm-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-debugsource-6.4.0-150600.23.92.1
  • kernel-syms-6.4.0-150600.23.92.1
  • dlm-kmp-default-6.4.0-150600.23.92.1
  • kernel-default-optional-6.4.0-150600.23.92.1
  • kselftests-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-obs-qa-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-6.4.0-150600.23.92.1
  • kernel-default-extra-debuginfo-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-optional-debuginfo-6.4.0-150600.23.92.1
  • gfs2-kmp-default-6.4.0-150600.23.92.1
  • kselftests-kmp-default-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (aarch64 nosrc ppc64le x86_64)
  • kernel-kvmsmall-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (nosrc s390x)
  • kernel-zfcpdump-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (s390x)
  • kernel-zfcpdump-debuginfo-6.4.0-150600.23.92.1
  • kernel-zfcpdump-debugsource-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (nosrc)
  • dtb-aarch64-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (aarch64)
  • dtb-amazon-6.4.0-150600.23.92.1
  • dtb-amd-6.4.0-150600.23.92.1
  • dtb-sprd-6.4.0-150600.23.92.1
  • dtb-rockchip-6.4.0-150600.23.92.1
  • dtb-socionext-6.4.0-150600.23.92.1
  • dlm-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-apple-6.4.0-150600.23.92.1
  • gfs2-kmp-64kb-6.4.0-150600.23.92.1
  • kselftests-kmp-64kb-6.4.0-150600.23.92.1
  • reiserfs-kmp-64kb-6.4.0-150600.23.92.1
  • dtb-mediatek-6.4.0-150600.23.92.1
  • dtb-cavium-6.4.0-150600.23.92.1
  • dtb-amlogic-6.4.0-150600.23.92.1
  • reiserfs-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-apm-6.4.0-150600.23.92.1
  • kernel-64kb-optional-6.4.0-150600.23.92.1
  • dtb-arm-6.4.0-150600.23.92.1
  • kernel-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-renesas-6.4.0-150600.23.92.1
  • kernel-64kb-devel-6.4.0-150600.23.92.1
  • dtb-hisilicon-6.4.0-150600.23.92.1
  • kernel-64kb-debugsource-6.4.0-150600.23.92.1
  • cluster-md-kmp-64kb-6.4.0-150600.23.92.1
  • kernel-64kb-extra-6.4.0-150600.23.92.1
  • kernel-64kb-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-64kb-extra-debuginfo-6.4.0-150600.23.92.1
  • kselftests-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-freescale-6.4.0-150600.23.92.1
  • dtb-qcom-6.4.0-150600.23.92.1
  • gfs2-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • cluster-md-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-exynos-6.4.0-150600.23.92.1
  • dtb-broadcom-6.4.0-150600.23.92.1
  • dtb-altera-6.4.0-150600.23.92.1
  • dtb-marvell-6.4.0-150600.23.92.1
  • kernel-64kb-optional-debuginfo-6.4.0-150600.23.92.1
  • ocfs2-kmp-64kb-6.4.0-150600.23.92.1
  • dtb-nvidia-6.4.0-150600.23.92.1
  • dlm-kmp-64kb-6.4.0-150600.23.92.1
  • ocfs2-kmp-64kb-debuginfo-6.4.0-150600.23.92.1
  • dtb-lg-6.4.0-150600.23.92.1
  • dtb-allwinner-6.4.0-150600.23.92.1
  • dtb-xilinx-6.4.0-150600.23.92.1
• openSUSE Leap 15.6 (aarch64 nosrc)
  • kernel-64kb-6.4.0-150600.23.92.1
• SUSE Linux Enterprise High Availability Extension 15 SP6 (nosrc)
  • kernel-default-6.4.0-150600.23.92.1
• SUSE Linux Enterprise High Availability Extension 15 SP6 (aarch64 ppc64le s390x x86_64)
  • kernel-default-debugsource-6.4.0-150600.23.92.1
  • kernel-default-debuginfo-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  • gfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-6.4.0-150600.23.92.1
  • kernel-default-debugsource-6.4.0-150600.23.92.1
  • kernel-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-obs-build-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-syms-6.4.0-150600.23.92.1
  • gfs2-kmp-default-6.4.0-150600.23.92.1
  • kernel-obs-build-debugsource-6.4.0-150600.23.92.1
  • dlm-kmp-default-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • dlm-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-debuginfo-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 nosrc)
  • kernel-64kb-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64)
  • kernel-64kb-debuginfo-6.4.0-150600.23.92.1
  • kernel-64kb-devel-6.4.0-150600.23.92.1
  • kernel-64kb-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-64kb-debugsource-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64 nosrc)
  • kernel-default-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le x86_64)
  • kernel-default-base-6.4.0-150600.23.92.1.150600.12.42.2
• SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  • kernel-devel-6.4.0-150600.23.92.1
  • kernel-source-6.4.0-150600.23.92.1
  • kernel-macros-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (noarch nosrc)
  • kernel-docs-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (nosrc s390x)
  • kernel-zfcpdump-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server 15 SP6 LTSS (s390x)
  • kernel-zfcpdump-debuginfo-6.4.0-150600.23.92.1
  • kernel-zfcpdump-debugsource-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  • gfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-6.4.0-150600.23.92.1
  • kernel-default-debugsource-6.4.0-150600.23.92.1
  • kernel-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-obs-build-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-syms-6.4.0-150600.23.92.1
  • gfs2-kmp-default-6.4.0-150600.23.92.1
  • kernel-obs-build-debugsource-6.4.0-150600.23.92.1
  • dlm-kmp-default-6.4.0-150600.23.92.1
  • cluster-md-kmp-default-6.4.0-150600.23.92.1
  • ocfs2-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • dlm-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-6.4.0-150600.23.92.1
  • reiserfs-kmp-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-devel-debuginfo-6.4.0-150600.23.92.1
  • kernel-default-base-6.4.0-150600.23.92.1.150600.12.42.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP6 (nosrc ppc64le x86_64)
  • kernel-default-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  • kernel-devel-6.4.0-150600.23.92.1
  • kernel-source-6.4.0-150600.23.92.1
  • kernel-macros-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch nosrc)
  • kernel-docs-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Live Patching 15-SP6 (nosrc)
  • kernel-default-6.4.0-150600.23.92.1
• SUSE Linux Enterprise Live Patching 15-SP6 (ppc64le s390x x86_64)
  • kernel-default-livepatch-6.4.0-150600.23.92.1
  • kernel-livepatch-6_4_0-150600_23_92-default-debuginfo-1-150600.13.5.1
  • kernel-default-debugsource-6.4.0-150600.23.92.1
  • kernel-default-debuginfo-6.4.0-150600.23.92.1
  • kernel-livepatch-6_4_0-150600_23_92-default-1-150600.13.5.1
  • kernel-livepatch-SLE15-SP6_Update_21-debugsource-1-150600.13.5.1
  • kernel-default-livepatch-devel-6.4.0-150600.23.92.1

References:

• https://www.suse.com/security/cve/CVE-2023-53817.html
• https://www.suse.com/security/cve/CVE-2024-38542.html
• https://www.suse.com/security/cve/CVE-2025-37861.html
• https://www.suse.com/security/cve/CVE-2025-39817.html
• https://www.suse.com/security/cve/CVE-2025-39964.html
• https://www.suse.com/security/cve/CVE-2025-40099.html
• https://www.suse.com/security/cve/CVE-2025-40103.html
• https://www.suse.com/security/cve/CVE-2025-40253.html
• https://www.suse.com/security/cve/CVE-2025-71066.html
• https://www.suse.com/security/cve/CVE-2025-71113.html
• https://www.suse.com/security/cve/CVE-2025-71231.html
• https://www.suse.com/security/cve/CVE-2026-23004.html
• https://www.suse.com/security/cve/CVE-2026-23054.html
• https://www.suse.com/security/cve/CVE-2026-23060.html
• https://www.suse.com/security/cve/CVE-2026-23074.html
• https://www.suse.com/security/cve/CVE-2026-23089.html
• https://www.suse.com/security/cve/CVE-2026-23111.html
• https://www.suse.com/security/cve/CVE-2026-23141.html
• https://www.suse.com/security/cve/CVE-2026-23157.html
• https://www.suse.com/security/cve/CVE-2026-23191.html
• https://www.suse.com/security/cve/CVE-2026-23202.html
• https://www.suse.com/security/cve/CVE-2026-23204.html
• https://www.suse.com/security/cve/CVE-2026-23207.html
• https://www.suse.com/security/cve/CVE-2026-23209.html
• https://www.suse.com/security/cve/CVE-2026-23214.html
• https://www.suse.com/security/cve/CVE-2026-23268.html
• https://www.suse.com/security/cve/CVE-2026-23269.html
• https://bugzilla.suse.com/show_bug.cgi?id=1226591
• https://bugzilla.suse.com/show_bug.cgi?id=1241345
• https://bugzilla.suse.com/show_bug.cgi?id=1243055
• https://bugzilla.suse.com/show_bug.cgi?id=1245728
• https://bugzilla.suse.com/show_bug.cgi?id=1249998
• https://bugzilla.suse.com/show_bug.cgi?id=1251135
• https://bugzilla.suse.com/show_bug.cgi?id=1251186
• https://bugzilla.suse.com/show_bug.cgi?id=1251966
• https://bugzilla.suse.com/show_bug.cgi?id=1251971
• https://bugzilla.suse.com/show_bug.cgi?id=1252266
• https://bugzilla.suse.com/show_bug.cgi?id=1252911
• https://bugzilla.suse.com/show_bug.cgi?id=1252924
• https://bugzilla.suse.com/show_bug.cgi?id=1253049
• https://bugzilla.suse.com/show_bug.cgi?id=1254306
• https://bugzilla.suse.com/show_bug.cgi?id=1254992
• https://bugzilla.suse.com/show_bug.cgi?id=1255084
• https://bugzilla.suse.com/show_bug.cgi?id=1256564
• https://bugzilla.suse.com/show_bug.cgi?id=1256645
• https://bugzilla.suse.com/show_bug.cgi?id=1256690
• https://bugzilla.suse.com/show_bug.cgi?id=1256716
• https://bugzilla.suse.com/show_bug.cgi?id=1257231
• https://bugzilla.suse.com/show_bug.cgi?id=1257466
• https://bugzilla.suse.com/show_bug.cgi?id=1257472
• https://bugzilla.suse.com/show_bug.cgi?id=1257473
• https://bugzilla.suse.com/show_bug.cgi?id=1257732
• https://bugzilla.suse.com/show_bug.cgi?id=1257735
• https://bugzilla.suse.com/show_bug.cgi?id=1257749
• https://bugzilla.suse.com/show_bug.cgi?id=1257790
• https://bugzilla.suse.com/show_bug.cgi?id=1257891
• https://bugzilla.suse.com/show_bug.cgi?id=1257952
• https://bugzilla.suse.com/show_bug.cgi?id=1258181
• https://bugzilla.suse.com/show_bug.cgi?id=1258338
• https://bugzilla.suse.com/show_bug.cgi?id=1258340
• https://bugzilla.suse.com/show_bug.cgi?id=1258376
• https://bugzilla.suse.com/show_bug.cgi?id=1258377
• https://bugzilla.suse.com/show_bug.cgi?id=1258395
• https://bugzilla.suse.com/show_bug.cgi?id=1258424
• https://bugzilla.suse.com/show_bug.cgi?id=1258464
• https://bugzilla.suse.com/show_bug.cgi?id=1258518
• https://bugzilla.suse.com/show_bug.cgi?id=1258524
• https://bugzilla.suse.com/show_bug.cgi?id=1258832
• https://bugzilla.suse.com/show_bug.cgi?id=1258849
• https://bugzilla.suse.com/show_bug.cgi?id=1258850
• https://bugzilla.suse.com/show_bug.cgi?id=1258928
• https://bugzilla.suse.com/show_bug.cgi?id=1259070
• https://bugzilla.suse.com/show_bug.cgi?id=1259857