Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2026:2332-1
Release Date:	2026-06-10T08:41:19Z
Rating:	important
References:	bsc#1263790 bsc#1263995 bsc#1264551 bsc#1266001 bsc#1266009 bsc#1266238 bsc#1266711 bsc#1266901
Cross-References:	CVE-2026-31629 CVE-2026-43037 CVE-2026-43206 CVE-2026-43499 CVE-2026-43501 CVE-2026-45852 CVE-2026-46043 CVE-2026-46243
CVSS scores:	CVE-2026-31629 ( SUSE ): 8.7 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-31629 ( SUSE ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-31629 ( NVD ): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-43037 ( SUSE ): 7.7 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-43037 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43037 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-43206 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43206 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43499 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-43499 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43499 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-43501 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2026-43501 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2026-43501 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2026-45852 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-45852 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-45852 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46043 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2026-46043 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-46043 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2026-46243 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-46243 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46243 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2026-46243 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Affected Products:	openSUSE Leap 15.5 SUSE Linux Enterprise Micro 5.5

An update that solves eight vulnerabilities can now be installed.

Description:

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to fix various security issues

The following security issues were fixed:

CVE-2026-31629: nfc: llcp: add missing return after LLCP_CLOSED checks (bsc#1263790).
CVE-2026-43037: ip6_tunnel: clear skb2->cb in ip4ip6_err() (bsc#1263995).
CVE-2026-43206: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() (bsc#1264551).
CVE-2026-43499: rtmutex: Use waiter::task instead of current in remove_waiter() (bsc#1266001).
CVE-2026-43501: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (bsc#1266009).
CVE-2026-45852: RDMA/rxe: Fix double free in rxe_srq_from_init (bsc#1266711).
CVE-2026-46043: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (bsc#1266901).
CVE-2026-46243: smb: client: reject userspace cifs.spnego descriptions (bsc#1266238).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

openSUSE Leap 15.5
zypper in -t patch SUSE-2026-2332=1
SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2026-2332=1

Package List:

openSUSE Leap 15.5 (x86_64)
- dlm-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-devel-debuginfo-5.14.21-150500.13.143.1
- kernel-syms-rt-5.14.21-150500.13.143.1
- gfs2-kmp-rt-5.14.21-150500.13.143.1
- kernel-rt-debugsource-5.14.21-150500.13.143.1
- kernel-rt-extra-5.14.21-150500.13.143.1
- kernel-rt-extra-debuginfo-5.14.21-150500.13.143.1
- kernel-rt_debug-vdso-debuginfo-5.14.21-150500.13.143.1
- ocfs2-kmp-rt-5.14.21-150500.13.143.1
- gfs2-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-livepatch-5.14.21-150500.13.143.1
- kernel-rt_debug-vdso-5.14.21-150500.13.143.1
- kernel-rt-vdso-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-devel-5.14.21-150500.13.143.1
- kselftests-kmp-rt-5.14.21-150500.13.143.1
- kernel-rt_debug-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-optional-5.14.21-150500.13.143.1
- dlm-kmp-rt-5.14.21-150500.13.143.1
- kselftests-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- cluster-md-kmp-rt-5.14.21-150500.13.143.1
- cluster-md-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- kernel-rt_debug-devel-5.14.21-150500.13.143.1
- kernel-rt_debug-debugsource-5.14.21-150500.13.143.1
- kernel-rt-optional-debuginfo-5.14.21-150500.13.143.1
- reiserfs-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- ocfs2-kmp-rt-debuginfo-5.14.21-150500.13.143.1
- reiserfs-kmp-rt-5.14.21-150500.13.143.1
- kernel-rt-vdso-5.14.21-150500.13.143.1
- kernel-rt-livepatch-devel-5.14.21-150500.13.143.1
- kernel-rt_debug-devel-debuginfo-5.14.21-150500.13.143.1
openSUSE Leap 15.5 (nosrc x86_64)
- kernel-rt-5.14.21-150500.13.143.1
- kernel-rt_debug-5.14.21-150500.13.143.1
openSUSE Leap 15.5 (noarch)
- kernel-source-rt-5.14.21-150500.13.143.1
- kernel-devel-rt-5.14.21-150500.13.143.1
SUSE Linux Enterprise Micro 5.5 (noarch)
- kernel-source-rt-5.14.21-150500.13.143.1
- kernel-devel-rt-5.14.21-150500.13.143.1
SUSE Linux Enterprise Micro 5.5 (nosrc x86_64)
- kernel-rt-5.14.21-150500.13.143.1
SUSE Linux Enterprise Micro 5.5 (x86_64)
- kernel-rt-debuginfo-5.14.21-150500.13.143.1
- kernel-rt-debugsource-5.14.21-150500.13.143.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: