Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:1130-1
Release Date:	2026-03-27T15:47:44Z
Rating:	important
References:	bsc#1221532 bsc#1238917 bsc#1257749 bsc#1257790 bsc#1258395
Cross-References:	CVE-2021-47110 CVE-2025-21738 CVE-2026-23074 CVE-2026-23089 CVE-2026-23191
CVSS scores:	CVE-2021-47110 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-47110 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-21738 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

An update that solves five vulnerabilities can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm (bsc#1221532).
CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).

The following non-security bugs were fixed:

Disable CONFIG_NET_SCH_ATM (jsc#PED-12836).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-1130=1
SUSE Linux Enterprise Server 11 SP4
zypper in -t patch SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2026-1130=1

Package List:

SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (nosrc x86_64)
- kernel-ec2-3.0.101-108.204.1
- kernel-default-3.0.101-108.204.1
- kernel-xen-3.0.101-108.204.1
- kernel-trace-3.0.101-108.204.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (x86_64)
- kernel-trace-devel-3.0.101-108.204.1
- kernel-ec2-debuginfo-3.0.101-108.204.1
- kernel-xen-debuginfo-3.0.101-108.204.1
- kernel-xen-devel-3.0.101-108.204.1
- kernel-ec2-base-3.0.101-108.204.1
- kernel-trace-devel-debuginfo-3.0.101-108.204.1
- kernel-default-devel-3.0.101-108.204.1
- kernel-xen-base-3.0.101-108.204.1
- kernel-syms-3.0.101-108.204.1
- kernel-trace-base-3.0.101-108.204.1
- kernel-default-debuginfo-3.0.101-108.204.1
- kernel-default-debugsource-3.0.101-108.204.1
- kernel-default-base-3.0.101-108.204.1
- kernel-xen-devel-debuginfo-3.0.101-108.204.1
- kernel-source-3.0.101-108.204.1
- kernel-default-devel-debuginfo-3.0.101-108.204.1
- kernel-ec2-debugsource-3.0.101-108.204.1
- kernel-trace-debugsource-3.0.101-108.204.1
- kernel-xen-debugsource-3.0.101-108.204.1
- kernel-ec2-devel-3.0.101-108.204.1
- kernel-ec2-devel-debuginfo-3.0.101-108.204.1
- kernel-trace-debuginfo-3.0.101-108.204.1
SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE (noarch nosrc)
- kernel-docs-3.0.101-108.204.1
SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64)
- kernel-ec2-3.0.101-108.204.1
- kernel-default-3.0.101-108.204.1
- kernel-xen-3.0.101-108.204.1
- kernel-trace-3.0.101-108.204.1
SUSE Linux Enterprise Server 11 SP4 (x86_64)
- kernel-trace-devel-3.0.101-108.204.1
- kernel-ec2-debuginfo-3.0.101-108.204.1
- kernel-xen-debuginfo-3.0.101-108.204.1
- kernel-xen-devel-3.0.101-108.204.1
- kernel-ec2-base-3.0.101-108.204.1
- kernel-trace-devel-debuginfo-3.0.101-108.204.1
- kernel-default-devel-3.0.101-108.204.1
- kernel-xen-base-3.0.101-108.204.1
- kernel-syms-3.0.101-108.204.1
- kernel-trace-base-3.0.101-108.204.1
- kernel-default-debuginfo-3.0.101-108.204.1
- kernel-default-debugsource-3.0.101-108.204.1
- kernel-default-base-3.0.101-108.204.1
- kernel-xen-devel-debuginfo-3.0.101-108.204.1
- kernel-source-3.0.101-108.204.1
- kernel-default-devel-debuginfo-3.0.101-108.204.1
- kernel-ec2-debugsource-3.0.101-108.204.1
- kernel-trace-debugsource-3.0.101-108.204.1
- kernel-xen-debugsource-3.0.101-108.204.1
- kernel-ec2-devel-3.0.101-108.204.1
- kernel-ec2-devel-debuginfo-3.0.101-108.204.1
- kernel-trace-debuginfo-3.0.101-108.204.1
SUSE Linux Enterprise Server 11 SP4 (noarch nosrc)
- kernel-docs-3.0.101-108.204.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: