Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-54518 (GCVE-0-2025-54518)
Vulnerability from cvelistv5 – Published: 2026-05-15 03:06 – Updated: 2026-06-30 12:07
VLAI
EPSS
Summary
Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://www.amd.com/en/resources/product-security… | |
| http://www.openwall.com/lists/oss-security/2026/0… | |
| http://xenbits.xen.org/xsa/advisory-490.html | |
| https://access.redhat.com/security/cve/CVE-2025-54518 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2477784 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
Impacted products
21 products
Date Public
2026-05-15 03:05
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2026-05-15T03:09:03.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2026/05/12/15"
},
{
"url": "http://xenbits.xen.org/xsa/advisory-490.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54518",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-16T03:56:02.809Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:10"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"cpes": [
"cpe:/a:redhat:enterprise_linux_nvidia:"
],
"defaultStatus": "unaffected",
"product": "Red Hat Enterprise Linux for NVIDIA 26",
"vendor": "Red Hat"
}
],
"datePublic": "2026-05-15T03:06:30.822Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in AMD Zen 2-based processors, affecting components such as the kernel and Xen hypervisor. Improper isolation of shared resources within the CPU operation cache could allow an attacker to corrupt instructions executed at a different privilege level. This could potentially result in privilege escalation, granting an attacker higher system access than intended."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1220",
"description": "Insufficient Granularity of Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T12:07:18.344Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2025-54518"
},
{
"name": "RHBZ#2477784",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477784"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-15T05:01:27.379Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-05-15T03:06:30.822Z",
"value": "Made public."
}
],
"title": "kernel: xen: AMD Zen 2 Processors: Privilege escalation via improper CPU cache isolation",
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "os kernel"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "RenoirPI-FP6_1.0.0.Ed"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "MendocinoPI-FT6_1.0.0.7f"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ChagallWSPI-sWRX8-1.0.0.D"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CastlePeakWSPI-sWRX8 1.0.0.I"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "CezannePI-FP6_1.0.1.1d"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 4000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4v2 1.2.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 3000 Series Desktop Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "ComboAM4PI 1.0.0.10"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD EPYC\u2122 Embedded 7002 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "OS kernel"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen Embedded V2000A Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedV2KAPI-FP6 1.0.0.A"
}
]
},
{
"defaultStatus": "affected",
"product": "AMD Ryzen\u2122 Embedded V2000 Series Processors",
"vendor": "AMD",
"versions": [
{
"status": "unaffected",
"version": "EmbeddedPI-FP6_1.0.0.D"
}
]
}
],
"datePublic": "2026-05-15T03:05:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\u003cbr\u003e"
}
],
"value": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1189",
"description": "CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-15T03:06:57.446Z",
"orgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"shortName": "AMD"
},
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "AMD PSIRT Automation 1.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b58fc414-a1e4-4f92-9d70-1add41838648",
"assignerShortName": "AMD",
"cveId": "CVE-2025-54518",
"datePublished": "2026-05-15T03:06:30.822Z",
"dateReserved": "2025-07-23T15:01:52.883Z",
"dateUpdated": "2026-06-30T12:07:18.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-54518",
"date": "2026-06-30",
"epss": "0.00258",
"percentile": "0.17041"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-54518\",\"sourceIdentifier\":\"psirt@amd.com\",\"published\":\"2026-05-15T05:16:33.013\",\"lastModified\":\"2026-06-30T03:16:52.207\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\"}],\"affected\":[{\"source\":\"psirt@amd.com\",\"affectedData\":[{\"vendor\":\"AMD\",\"product\":\"AMD EPYC\u2122 7002 Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"os kernel\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 4000 Series Mobile Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"RenoirPI-FP6_1.0.0.Ed\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 7020 Series Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"MendocinoPI-FT6_1.0.0.7f\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 3000 Series Desktop Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"ComboAM4v2 1.2.0.10\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"ChagallWSPI-sWRX8-1.0.0.D\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 7030 Series Mobile Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"CezannePI-FP6_1.0.1.1d\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 Threadripper\u2122 PRO 3000 WX-Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"CastlePeakWSPI-sWRX8 1.0.0.I\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"CezannePI-FP6_1.0.1.1d\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 5000 Series Mobile Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"CezannePI-FP6_1.0.1.1d\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 4000 Series Desktop Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"ComboAM4v2 1.2.0.10\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 5000 Series Desktop Processors with Radeon\u2122 Graphics\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"ComboAM4v2 1.2.0.10\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 3000 Series Desktop Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"ComboAM4PI 1.0.0.10\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD EPYC\u2122 Embedded 7002 Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"OS kernel\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen Embedded V2000A Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"EmbeddedV2KAPI-FP6 1.0.0.A\",\"status\":\"unaffected\"}]},{\"vendor\":\"AMD\",\"product\":\"AMD Ryzen\u2122 Embedded V2000 Series Processors\",\"defaultStatus\":\"affected\",\"versions\":[{\"version\":\"EmbeddedPI-FP6_1.0.0.D\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 10\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 7\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 8\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:8\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 9\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:9\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat OpenShift Container Platform 4\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:openshift:4\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux for NVIDIA 26\",\"defaultStatus\":\"unaffected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux_nvidia:\"]}]}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-05-15T00:00:00+00:00\",\"id\":\"CVE-2025-54518\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"psirt@amd.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1189\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1220\"}]}],\"references\":[{\"url\":\"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html\",\"source\":\"psirt@amd.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/12/15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://xenbits.xen.org/xsa/advisory-490.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2025-54518\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2477784\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/12/15\"}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-490.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-15T03:09:03.940Z\"}}, {\"title\": \"kernel: xen: AMD Zen 2 Processors: Privilege escalation via improper CPU cache isolation\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 10\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:8\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:9\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:openshift:4\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat OpenShift Container Platform 4\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"unaffected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux_nvidia:\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux for NVIDIA 26\", \"defaultStatus\": \"unaffected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-05-15T05:01:27.379Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-05-15T03:06:30.822Z\", \"value\": \"Made public.\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-05-15T03:06:30.822Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2025-54518\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2477784\", \"name\": \"RHBZ#2477784\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-54518.json\", \"tags\": [\"x_sadp-csaf-vex\"]}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in AMD Zen 2-based processors, affecting components such as the kernel and Xen hypervisor. Improper isolation of shared resources within the CPU operation cache could allow an attacker to corrupt instructions executed at a different privilege level. This could potentially result in privilege escalation, granting an attacker higher system access than intended.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1220\", \"description\": \"Insufficient Granularity of Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T12:07:18.344Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-54518\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-15T11:11:06.413554Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-15T11:11:18.332Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 7.3, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 7002 Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"os kernel\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"RenoirPI-FP6_1.0.0.Ed\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7020 Series Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"MendocinoPI-FT6_1.0.0.7f\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2 1.2.0.10\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 3000 WX-Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ChagallWSPI-sWRX8-1.0.0.D\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 7030 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CezannePI-FP6_1.0.1.1d\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Threadripper\\u2122 PRO 3000 WX-Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CastlePeakWSPI-sWRX8 1.0.0.I\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CezannePI-FP6_1.0.1.1d\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Mobile Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"CezannePI-FP6_1.0.1.1d\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 4000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2 1.2.0.10\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 5000 Series Desktop Processors with Radeon\\u2122 Graphics\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4v2 1.2.0.10\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 3000 Series Desktop Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"ComboAM4PI 1.0.0.10\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD EPYC\\u2122 Embedded 7002 Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"OS kernel\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen Embedded V2000A Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedV2KAPI-FP6 1.0.0.A\"}], \"defaultStatus\": \"affected\"}, {\"vendor\": \"AMD\", \"product\": \"AMD Ryzen\\u2122 Embedded V2000 Series Processors\", \"versions\": [{\"status\": \"unaffected\", \"version\": \"EmbeddedPI-FP6_1.0.0.D\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2026-05-15T03:05:00.000Z\", \"references\": [{\"url\": \"https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7052.html\"}], \"x_generator\": {\"engine\": \"AMD PSIRT Automation 1.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1189\", \"description\": \"CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)\"}]}], \"providerMetadata\": {\"orgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"shortName\": \"AMD\", \"dateUpdated\": \"2026-05-15T03:06:57.446Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-54518\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T12:07:18.344Z\", \"dateReserved\": \"2025-07-23T15:01:52.883Z\", \"assignerOrgId\": \"b58fc414-a1e4-4f92-9d70-1add41838648\", \"datePublished\": \"2026-05-15T03:06:30.822Z\", \"assignerShortName\": \"AMD\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
SUSE-SU-2026:21933-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-455
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-455",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21933-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21933-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621933-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21933-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026461.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 8 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21933-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-30-default-18-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-30-default-18-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-30-default-18-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21934-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-456
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-31.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-456",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21934-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21934-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621934-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21934-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026460.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 9 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21934-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-31-default-18-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-31-default-18-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-31-default-18-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-31-default-18-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21935-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-452
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-34.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-452",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21935-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21935-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621935-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21935-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026459.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 11 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21935-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-34-default-11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-34-default-11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-34-default-11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-34-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21936-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:27 - Updated: 2026-06-01 09:27Summary
Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-453
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-453",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21936-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21936-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621936-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21936-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026458.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:27:23Z",
"generator": {
"date": "2026-06-01T09:27:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21936-1",
"initial_release_date": "2026-06-01T09:27:23Z",
"revision_history": [
{
"date": "2026-06-01T09:27:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-35-default-11-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-35-default-11-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-35-default-11-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-35-default-11-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:27:23Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21937-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-457
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-36.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-457",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21937-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21937-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621937-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21937-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026457.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 13 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21937-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-36-default-9-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-36-default-9-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-36-default-9-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-36-default-9-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21938-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-458
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-458",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21938-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21938-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621938-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21938-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026456.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21938-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"product_id": "kernel-livepatch-6_4_0-38-default-7-1.2.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.x86_64",
"product_id": "kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-38-default-7-1.2.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-38-default-7-1.2.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-38-default-7-1.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21939-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-459
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-39.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-459",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21939-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21939-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621939-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21939-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026455.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 16 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21939-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-39-default-6-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-39-default-6-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-39-default-6-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-39-default-6-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21940-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-460
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
33 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-40.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-460",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21940-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21940-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621940-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21940-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026454.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 17 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21940-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-40-default-5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-40-default-5-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-40-default-5-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-40-default-5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21941-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:26 - Updated: 2026-06-01 09:26Summary
Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-461
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
23 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-41.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-461",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21941-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21941-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621941-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21941-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026453.html"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 18 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:26:24Z",
"generator": {
"date": "2026-06-01T09:26:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21941-1",
"initial_release_date": "2026-06-01T09:26:24Z",
"revision_history": [
{
"date": "2026-06-01T09:26:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"product": {
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"product_id": "kernel-livepatch-6_4_0-41-default-4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.x86_64",
"product_id": "kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.s390x as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x"
},
"product_reference": "kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-41-default-4-1.1.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-41-default-4-1.1.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.s390x",
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-41-default-4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:26:24Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
SUSE-SU-2026:21942-1
Vulnerability from csaf_suse - Published: 2026-06-01 09:32 - Updated: 2026-06-01 09:32Summary
Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)
Description of the patch:
This update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues
The following security issues were fixed:
- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).
- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).
- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).
- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).
- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).
- CVE-2026-46333: ptrace: slightly saner 'get_dumpable()' logic (bsc#1265384).
Patchnames: SUSE-SLE-Micro-6.0-kernel-454
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
38 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update for the SUSE Linux Enterprise Kernel 6.4.0-30.1 fixes various security issues\n\nThe following security issues were fixed:\n\n- CVE-2025-54518: AMD-SN-7052: CPU OP Cache Corruption (bsc#1264096).\n- CVE-2026-23243: RDMA/umad: Reject negative data_len in ib_umad_write (bsc#1259798).\n- CVE-2026-23274: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (bsc#1260908).\n- CVE-2026-23317: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (bsc#1260563).\n- CVE-2026-46300: FragNesia attack: another xfrm/esp based local root exploit (bsc#1265224).\n- CVE-2026-46333: ptrace: slightly saner \u0027get_dumpable()\u0027 logic (bsc#1265384).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Micro-6.0-kernel-454",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_21942-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:21942-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-202621942-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:21942-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026452.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259798",
"url": "https://bugzilla.suse.com/1259798"
},
{
"category": "self",
"summary": "SUSE Bug 1260563",
"url": "https://bugzilla.suse.com/1260563"
},
{
"category": "self",
"summary": "SUSE Bug 1260908",
"url": "https://bugzilla.suse.com/1260908"
},
{
"category": "self",
"summary": "SUSE Bug 1264096",
"url": "https://bugzilla.suse.com/1264096"
},
{
"category": "self",
"summary": "SUSE Bug 1265224",
"url": "https://bugzilla.suse.com/1265224"
},
{
"category": "self",
"summary": "SUSE Bug 1265384",
"url": "https://bugzilla.suse.com/1265384"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-54518 page",
"url": "https://www.suse.com/security/cve/CVE-2025-54518/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23243 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23243/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23274 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23274/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23317 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23317/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46300 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-46333 page",
"url": "https://www.suse.com/security/cve/CVE-2026-46333/"
}
],
"title": "Security update for the Linux Kernel RT (Live Patch 7 for SUSE Linux Enterprise Micro 6.0)",
"tracking": {
"current_release_date": "2026-06-01T09:32:33Z",
"generator": {
"date": "2026-06-01T09:32:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:21942-1",
"initial_release_date": "2026-06-01T09:32:33Z",
"revision_history": [
{
"date": "2026-06-01T09:32:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64",
"product": {
"name": "kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64",
"product_id": "kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Micro 6.0",
"product": {
"name": "SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sl-micro:6.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64 as component of SUSE Linux Micro 6.0",
"product_id": "SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
},
"product_reference": "kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64",
"relates_to_product_reference": "SUSE Linux Micro 6.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-54518",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-54518"
}
],
"notes": [
{
"category": "general",
"text": "Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-54518",
"url": "https://www.suse.com/security/cve/CVE-2025-54518"
},
{
"category": "external",
"summary": "SUSE Bug 1264013 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264013"
},
{
"category": "external",
"summary": "SUSE Bug 1264066 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264066"
},
{
"category": "external",
"summary": "SUSE Bug 1264096 for CVE-2025-54518",
"url": "https://bugzilla.suse.com/1264096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2025-54518"
},
{
"cve": "CVE-2026-23243",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23243"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/umad: Reject negative data_len in ib_umad_write\n\nib_umad_write computes data_len from user-controlled count and the\nMAD header sizes. With a mismatched user MAD header size and RMPP\nheader length, data_len can become negative and reach ib_create_send_mad().\nThis can make the padding calculation exceed the segment size and trigger\nan out-of-bounds memset in alloc_send_rmpp_list().\n\nAdd an explicit check to reject negative data_len before creating the\nsend buffer.\n\nKASAN splat:\n[ 211.363464] BUG: KASAN: slab-out-of-bounds in ib_create_send_mad+0xa01/0x11b0\n[ 211.364077] Write of size 220 at addr ffff88800c3fa1f8 by task spray_thread/102\n[ 211.365867] ib_create_send_mad+0xa01/0x11b0\n[ 211.365887] ib_umad_write+0x853/0x1c80",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23243",
"url": "https://www.suse.com/security/cve/CVE-2026-23243"
},
{
"category": "external",
"summary": "SUSE Bug 1259797 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259797"
},
{
"category": "external",
"summary": "SUSE Bug 1259798 for CVE-2026-23243",
"url": "https://bugzilla.suse.com/1259798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2026-23243"
},
{
"cve": "CVE-2026-23274",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23274"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels\n\nIDLETIMER revision 0 rules reuse existing timers by label and always call\nmod_timer() on timer-\u003etimer.\n\nIf the label was created first by revision 1 with XT_IDLETIMER_ALARM,\nthe object uses alarm timer semantics and timer-\u003etimer is never initialized.\nReusing that object from revision 0 causes mod_timer() on an uninitialized\ntimer_list, triggering debugobjects warnings and possible panic when\npanic_on_warn=1.\n\nFix this by rejecting revision 0 rule insertion when an existing timer with\nthe same label is of ALARM type.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23274",
"url": "https://www.suse.com/security/cve/CVE-2026-23274"
},
{
"category": "external",
"summary": "SUSE Bug 1260005 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260005"
},
{
"category": "external",
"summary": "SUSE Bug 1260908 for CVE-2026-23274",
"url": "https://bugzilla.suse.com/1260908"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2026-23274"
},
{
"cve": "CVE-2026-23317",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23317"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Return the correct value in vmw_translate_ptr functions\n\nBefore the referenced fixes these functions used a lookup function that\nreturned a pointer. This was changed to another lookup function that\nreturned an error code with the pointer becoming an out parameter.\n\nThe error path when the lookup failed was not changed to reflect this\nchange and the code continued to return the PTR_ERR of the now\nuninitialized pointer. This could cause the vmw_translate_ptr functions\nto return success when they actually failed causing further uninitialized\nand OOB accesses.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23317",
"url": "https://www.suse.com/security/cve/CVE-2026-23317"
},
{
"category": "external",
"summary": "SUSE Bug 1260562 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260562"
},
{
"category": "external",
"summary": "SUSE Bug 1260563 for CVE-2026-23317",
"url": "https://bugzilla.suse.com/1260563"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2026-23317"
},
{
"cve": "CVE-2026-46300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46300"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: skbuff: preserve shared-frag marker during coalescing\n\nskb_try_coalesce() can attach paged frags from @from to @to. If @from\nhas SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same\nexternally-owned or page-cache-backed frags, but the shared-frag marker\nis currently lost.\n\nThat breaks the invariant relied on by later in-place writers. In\nparticular, ESP input checks skb_has_shared_frag() before deciding\nwhether an uncloned nonlinear skb can skip skb_cow_data(). If TCP\nreceive coalescing has moved shared frags into an unmarked skb, ESP can\nsee skb_has_shared_frag() as false and decrypt in place over page-cache\nbacked frags.\n\nPropagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged\nfrags. The tailroom copy path does not need the marker because it copies\nbytes into @to\u0027s linear data rather than transferring frag descriptors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46300",
"url": "https://www.suse.com/security/cve/CVE-2026-46300"
},
{
"category": "external",
"summary": "SUSE Bug 1265209 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265209"
},
{
"category": "external",
"summary": "SUSE Bug 1265226 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265226"
},
{
"category": "external",
"summary": "SUSE Bug 1265312 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265312"
},
{
"category": "external",
"summary": "SUSE Bug 1265383 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265383"
},
{
"category": "external",
"summary": "SUSE Bug 1265960 for CVE-2026-46300",
"url": "https://bugzilla.suse.com/1265960"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2026-46300"
},
{
"cve": "CVE-2026-46333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-46333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nptrace: slightly saner \u0027get_dumpable()\u0027 logic\n\nThe \u0027dumpability\u0027 of a task is fundamentally about the memory image of\nthe task - the concept comes from whether it can core dump or not - and\nmakes no sense when you don\u0027t have an associated mm.\n\nAnd almost all users do in fact use it only for the case where the task\nhas a mm pointer.\n\nBut we have one odd special case: ptrace_may_access() uses \u0027dumpable\u0027 to\ncheck various other things entirely independently of the MM (typically\nexplicitly using flags like PTRACE_MODE_READ_FSCREDS). Including for\nthreads that no longer have a VM (and maybe never did, like most kernel\nthreads).\n\nIt\u0027s not what this flag was designed for, but it is what it is.\n\nThe ptrace code does check that the uid/gid matches, so you do have to\nbe uid-0 to see kernel thread details, but this means that the\ntraditional \"drop capabilities\" model doesn\u0027t make any difference for\nthis all.\n\nMake it all make a *bit* more sense by saying that if you don\u0027t have a\nMM pointer, we\u0027ll use a cached \"last dumpability\" flag if the thread\never had a MM (it will be zero for kernel threads since it is never\nset), and require a proper CAP_SYS_PTRACE capability to override.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-46333",
"url": "https://www.suse.com/security/cve/CVE-2026-46333"
},
{
"category": "external",
"summary": "SUSE Bug 1265308 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265308"
},
{
"category": "external",
"summary": "SUSE Bug 1265384 for CVE-2026-46333",
"url": "https://bugzilla.suse.com/1265384"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Micro 6.0:kernel-livepatch-6_4_0-30-rt-19-1.3.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-06-01T09:32:33Z",
"details": "important"
}
],
"title": "CVE-2026-46333"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…