Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:2331-1
Release Date:	2026-06-10T08:40:38Z
Rating:	important
References:	bsc#1261700 bsc#1263790 bsc#1263995 bsc#1264093 bsc#1264551 bsc#1266001 bsc#1266009 bsc#1266238 bsc#1266711 bsc#1266901 bsc#1266969 bsc#1267205 bsc#1267220
Cross-References:	CVE-2026-31405 CVE-2026-31629 CVE-2026-31758 CVE-2026-43037 CVE-2026-43206 CVE-2026-43499 CVE-2026-43501 CVE-2026-45852 CVE-2026-45970 CVE-2026-46021 CVE-2026-46043 CVE-2026-46113 CVE-2026-46243
CVSS scores:	CVE-2026-31405 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-31405 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2026-31405 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-31629 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-31629 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-31629 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-31758 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-31758 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-31758 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-43206 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43206 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43499 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-43499 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-45852 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-45852 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-45852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-45970 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-45970 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-45970 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46021 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-46021 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-46043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-46043 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-46113 ( SUSE ): 9.3 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVE-2026-46113 ( SUSE ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-46113 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:	SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Micro 5.4 SUSE Linux Enterprise Micro for Rancher 5.3 SUSE Linux Enterprise Micro for Rancher 5.4

An update that solves 13 vulnerabilities can now be installed.

Description:

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues

The following security issues were fixed:

CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables (bsc#1261700).
CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmc_release (bsc#1264093).
CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
CVE-2026-45970: bonding: alb: fix UAF in rlb_arp_recv during bond up/down (bsc#1267205).
CVE-2026-46021: thermal: core: Fix thermal zone governor cleanup issues (bsc#1267220).
CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
CVE-2026-46113: KVM: x86/mmu: Add helper to convert SPTE value to its shadow page (bsc#1266969).
CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).

The following non security issues were fixed:

arm64: tlb: Allow XZR argument to TLBI ops (git-fixes).
arm64: tlb: Optimize ARM64_WORKAROUND_REPEAT_TLBI (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2331=1
SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2026-2331=1
SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2331=1
SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2026-2331=1

Package List:

SUSE Linux Enterprise Micro for Rancher 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro for Rancher 5.3 (x86_64)
- kernel-rt-debuginfo-5.14.21-150400.15.170.1
- kernel-rt-debugsource-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.3 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.3 (x86_64)
- kernel-rt-debuginfo-5.14.21-150400.15.170.1
- kernel-rt-debugsource-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.3 (noarch)
- kernel-source-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro for Rancher 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro for Rancher 5.4 (x86_64)
- kernel-rt-debuginfo-5.14.21-150400.15.170.1
- kernel-rt-debugsource-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro for Rancher 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.4 (nosrc x86_64)
- kernel-rt-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.4 (x86_64)
- kernel-rt-debuginfo-5.14.21-150400.15.170.1
- kernel-rt-debugsource-5.14.21-150400.15.170.1
SUSE Linux Enterprise Micro 5.4 (noarch)
- kernel-source-rt-5.14.21-150400.15.170.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: