Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:1131-1
Release Date:	2026-03-27T16:02:22Z
Rating:	important
References:	bsc#1220137 bsc#1220144 bsc#1223007 bsc#1231084 bsc#1233038 bsc#1235905 bsc#1236104 bsc#1236208 bsc#1237885 bsc#1237906 bsc#1238414 bsc#1238754 bsc#1238763 bsc#1238917 bsc#1244758 bsc#1244904 bsc#1245110 bsc#1248306 bsc#1248377 bsc#1249156 bsc#1249158 bsc#1249827 bsc#1252785 bsc#1253028 bsc#1253409 bsc#1254462 bsc#1254463 bsc#1254464 bsc#1254767 bsc#1255075 bsc#1255171 bsc#1256623 bsc#1256645 bsc#1256726 bsc#1256792 bsc#1257231 bsc#1257232 bsc#1257236 bsc#1257296 bsc#1257473 bsc#1257732 bsc#1257735 bsc#1257749 bsc#1257771 bsc#1257790 bsc#1258340 bsc#1258395 bsc#1258518 bsc#1258849 bsc#1258850 bsc#1259857 jsc#PED-12836
Cross-References:	CVE-2022-49604 CVE-2022-49943 CVE-2022-49980 CVE-2022-50232 CVE-2023-52433 CVE-2023-52923 CVE-2023-53178 CVE-2023-53407 CVE-2023-53412 CVE-2023-53417 CVE-2023-53418 CVE-2024-26581 CVE-2024-26832 CVE-2024-46854 CVE-2024-50143 CVE-2024-54031 CVE-2025-21658 CVE-2025-21738 CVE-2025-21760 CVE-2025-21764 CVE-2025-21765 CVE-2025-21766 CVE-2025-38563 CVE-2025-38565 CVE-2025-38684 CVE-2025-40044 CVE-2025-40139 CVE-2025-40242 CVE-2025-68312 CVE-2025-71066 CVE-2025-71085 CVE-2025-71112 CVE-2026-22999 CVE-2026-23001 CVE-2026-23004 CVE-2026-23054 CVE-2026-23060 CVE-2026-23074 CVE-2026-23089 CVE-2026-23191 CVE-2026-23204 CVE-2026-23209 CVE-2026-23268 CVE-2026-23269
CVSS scores:	CVE-2022-49604 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49604 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49604 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49943 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2022-49943 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2022-49943 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-49980 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2022-49980 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-49980 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-50232 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-50232 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52433 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-52433 ( NVD ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2023-52923 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-52923 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-52923 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53178 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53178 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53407 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-53407 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53407 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53412 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-53412 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53412 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53412 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53417 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2023-53417 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53417 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53417 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53418 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-53418 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26581 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2024-26581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-26581 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-26832 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-26832 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-46854 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2024-46854 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2024-50143 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2024-50143 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2024-50143 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-50143 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2024-54031 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2024-54031 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2024-54031 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21658 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-21658 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21658 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21738 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-21738 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21738 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21760 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21760 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21764 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21764 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-21765 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21765 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21766 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21766 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38563 ( SUSE ): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2025-38563 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38565 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-38565 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-38565 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-38684 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38684 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40044 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-40139 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40139 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40242 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40242 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-68312 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-68312 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-71066 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-71085 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-71085 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-71085 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-71112 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-71112 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-71112 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-22999 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-22999 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-22999 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23001 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23001 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23001 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23004 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23004 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23004 ( NVD ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23054 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23054 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23060 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23060 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23060 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-23074 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23074 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23074 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23089 ( SUSE ): 5.2 CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23089 ( SUSE ): 5.9 CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23089 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23191 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23191 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23191 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23204 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2026-23204 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23204 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2026-23209 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23209 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23209 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23268 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-23268 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-23269 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-23269 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves 44 vulnerabilities, contains one feature and has seven security fixes can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues

The following security issues were fixed:

• CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
• CVE-2025-21738: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (bsc#1238917).
• CVE-2025-40242: gfs2: Fix unlikely race in gdlm_put_lock (bsc#1255075).
• CVE-2025-68312: usbnet: Prevents free active kevent (bsc#1255171).
• CVE-2025-71066: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (bsc#1256645).
• CVE-2025-71085: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (bsc#1256623).
• CVE-2025-71112: net: hns3: add VLAN id validation before using (bsc#1256726).
• CVE-2026-22999: net/sched: sch_qfq: do not free existing class in qfq_change_class() (bsc#1257236).
• CVE-2026-23001: macvlan: fix possible UAF in macvlan_forward_source() (bsc#1257232).
• CVE-2026-23004: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() (bsc#1257231).
• CVE-2026-23060: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (bsc#1257735).
• CVE-2026-23074: net/sched: Enforce that teql can only be used as root qdisc (bsc#1257749).
• CVE-2026-23089: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() (bsc#1257790).
• CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger (bsc#1258395).
• CVE-2026-23204: net: add skb_header_pointer_careful() helper (bsc#1258340).
• CVE-2026-23209: macvlan: fix error recovery in macvlan_common_newlink() (bsc#1258518).
• CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management (bsc#1258850).
• CVE-2026-23269: apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1259857).

The following non security issues were fixed:

• apparmor: fix differential encoding verification (bsc#1258849).
• apparmor: Fix double free of ns_name in aa_replace_profiles() (bsc#1258849).
• apparmor: fix memory leak in verify_header (bsc#1258849).
• apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (bsc#1258849).
• apparmor: fix race between freeing data and fs accessing it (bsc#1258849).
• apparmor: fix race on rawdata dereference (bsc#1258849).
• apparmor: fix side-effect bug in match_char() macro usage (bsc#1258849).
• apparmor: fix unprivileged local user can do privileged policy management (bsc#1258849).
• apparmor: fix: limit the number of levels of policy namespaces (bsc#1258849).
• apparmor: replace recursive profile removal with iterative approach (bsc#1258849).
• apparmor: validate DFA start states are in bounds in unpack_pdb (bsc#1258849).
• net: hv_netvsc: reject RSS hash key programming without RX indirection table (bsc#1257473).
• net: tcp: allow zero-window ACK update the window (bsc#1254767).
• net: tcp: send zero-window ACK when no memory (bsc#1254767).
• scsi: storvsc: Process unsupported MODE_SENSE_10 (bsc#1257296).
• tcp: correct handling of extreme memory squeeze (bsc#1254767).
• x86/its: Fix crash during dynamic its initialization (bsc#1257771).
• x86/modules: Set VM_FLUSH_RESET_PERMS in module_alloc() (bsc#1257771).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Micro for Rancher 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1131=1
• SUSE Linux Enterprise Micro 5.3
  zypper in -t patch SUSE-SLE-Micro-5.3-2026-1131=1
• SUSE Linux Enterprise Micro for Rancher 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1131=1
• SUSE Linux Enterprise Micro 5.4
  zypper in -t patch SUSE-SLE-Micro-5.4-2026-1131=1

Package List:

• SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.145.1
  • kernel-rt-debugsource-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.3 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.145.1
  • kernel-rt-debugsource-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.3 (noarch)
  • kernel-source-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.145.1
  • kernel-rt-debugsource-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
  • kernel-rt-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.4 (x86_64)
  • kernel-rt-debuginfo-5.14.21-150400.15.145.1
  • kernel-rt-debugsource-5.14.21-150400.15.145.1
• SUSE Linux Enterprise Micro 5.4 (noarch)
  • kernel-source-rt-5.14.21-150400.15.145.1

References:

• https://www.suse.com/security/cve/CVE-2022-49604.html
• https://www.suse.com/security/cve/CVE-2022-49943.html
• https://www.suse.com/security/cve/CVE-2022-49980.html
• https://www.suse.com/security/cve/CVE-2022-50232.html
• https://www.suse.com/security/cve/CVE-2023-52433.html
• https://www.suse.com/security/cve/CVE-2023-52923.html
• https://www.suse.com/security/cve/CVE-2023-53178.html
• https://www.suse.com/security/cve/CVE-2023-53407.html
• https://www.suse.com/security/cve/CVE-2023-53412.html
• https://www.suse.com/security/cve/CVE-2023-53417.html
• https://www.suse.com/security/cve/CVE-2023-53418.html
• https://www.suse.com/security/cve/CVE-2024-26581.html
• https://www.suse.com/security/cve/CVE-2024-26832.html
• https://www.suse.com/security/cve/CVE-2024-46854.html
• https://www.suse.com/security/cve/CVE-2024-50143.html
• https://www.suse.com/security/cve/CVE-2024-54031.html
• https://www.suse.com/security/cve/CVE-2025-21658.html
• https://www.suse.com/security/cve/CVE-2025-21738.html
• https://www.suse.com/security/cve/CVE-2025-21760.html
• https://www.suse.com/security/cve/CVE-2025-21764.html
• https://www.suse.com/security/cve/CVE-2025-21765.html
• https://www.suse.com/security/cve/CVE-2025-21766.html
• https://www.suse.com/security/cve/CVE-2025-38563.html
• https://www.suse.com/security/cve/CVE-2025-38565.html
• https://www.suse.com/security/cve/CVE-2025-38684.html
• https://www.suse.com/security/cve/CVE-2025-40044.html
• https://www.suse.com/security/cve/CVE-2025-40139.html
• https://www.suse.com/security/cve/CVE-2025-40242.html
• https://www.suse.com/security/cve/CVE-2025-68312.html
• https://www.suse.com/security/cve/CVE-2025-71066.html
• https://www.suse.com/security/cve/CVE-2025-71085.html
• https://www.suse.com/security/cve/CVE-2025-71112.html
• https://www.suse.com/security/cve/CVE-2026-22999.html
• https://www.suse.com/security/cve/CVE-2026-23001.html
• https://www.suse.com/security/cve/CVE-2026-23004.html
• https://www.suse.com/security/cve/CVE-2026-23054.html
• https://www.suse.com/security/cve/CVE-2026-23060.html
• https://www.suse.com/security/cve/CVE-2026-23074.html
• https://www.suse.com/security/cve/CVE-2026-23089.html
• https://www.suse.com/security/cve/CVE-2026-23191.html
• https://www.suse.com/security/cve/CVE-2026-23204.html
• https://www.suse.com/security/cve/CVE-2026-23209.html
• https://www.suse.com/security/cve/CVE-2026-23268.html
• https://www.suse.com/security/cve/CVE-2026-23269.html
• https://bugzilla.suse.com/show_bug.cgi?id=1220137
• https://bugzilla.suse.com/show_bug.cgi?id=1220144
• https://bugzilla.suse.com/show_bug.cgi?id=1223007
• https://bugzilla.suse.com/show_bug.cgi?id=1231084
• https://bugzilla.suse.com/show_bug.cgi?id=1233038
• https://bugzilla.suse.com/show_bug.cgi?id=1235905
• https://bugzilla.suse.com/show_bug.cgi?id=1236104
• https://bugzilla.suse.com/show_bug.cgi?id=1236208
• https://bugzilla.suse.com/show_bug.cgi?id=1237885
• https://bugzilla.suse.com/show_bug.cgi?id=1237906
• https://bugzilla.suse.com/show_bug.cgi?id=1238414
• https://bugzilla.suse.com/show_bug.cgi?id=1238754
• https://bugzilla.suse.com/show_bug.cgi?id=1238763
• https://bugzilla.suse.com/show_bug.cgi?id=1238917
• https://bugzilla.suse.com/show_bug.cgi?id=1244758
• https://bugzilla.suse.com/show_bug.cgi?id=1244904
• https://bugzilla.suse.com/show_bug.cgi?id=1245110
• https://bugzilla.suse.com/show_bug.cgi?id=1248306
• https://bugzilla.suse.com/show_bug.cgi?id=1248377
• https://bugzilla.suse.com/show_bug.cgi?id=1249156
• https://bugzilla.suse.com/show_bug.cgi?id=1249158
• https://bugzilla.suse.com/show_bug.cgi?id=1249827
• https://bugzilla.suse.com/show_bug.cgi?id=1252785
• https://bugzilla.suse.com/show_bug.cgi?id=1253028
• https://bugzilla.suse.com/show_bug.cgi?id=1253409
• https://bugzilla.suse.com/show_bug.cgi?id=1254462
• https://bugzilla.suse.com/show_bug.cgi?id=1254463
• https://bugzilla.suse.com/show_bug.cgi?id=1254464
• https://bugzilla.suse.com/show_bug.cgi?id=1254767
• https://bugzilla.suse.com/show_bug.cgi?id=1255075
• https://bugzilla.suse.com/show_bug.cgi?id=1255171
• https://bugzilla.suse.com/show_bug.cgi?id=1256623
• https://bugzilla.suse.com/show_bug.cgi?id=1256645
• https://bugzilla.suse.com/show_bug.cgi?id=1256726
• https://bugzilla.suse.com/show_bug.cgi?id=1256792
• https://bugzilla.suse.com/show_bug.cgi?id=1257231
• https://bugzilla.suse.com/show_bug.cgi?id=1257232
• https://bugzilla.suse.com/show_bug.cgi?id=1257236
• https://bugzilla.suse.com/show_bug.cgi?id=1257296
• https://bugzilla.suse.com/show_bug.cgi?id=1257473
• https://bugzilla.suse.com/show_bug.cgi?id=1257732
• https://bugzilla.suse.com/show_bug.cgi?id=1257735
• https://bugzilla.suse.com/show_bug.cgi?id=1257749
• https://bugzilla.suse.com/show_bug.cgi?id=1257771
• https://bugzilla.suse.com/show_bug.cgi?id=1257790
• https://bugzilla.suse.com/show_bug.cgi?id=1258340
• https://bugzilla.suse.com/show_bug.cgi?id=1258395
• https://bugzilla.suse.com/show_bug.cgi?id=1258518
• https://bugzilla.suse.com/show_bug.cgi?id=1258849
• https://bugzilla.suse.com/show_bug.cgi?id=1258850
• https://bugzilla.suse.com/show_bug.cgi?id=1259857
• https://jira.suse.com/browse/PED-12836